Hackers targeted Parliament’s email system in an attempt to access the accounts of hundreds of MPs, Lords, aides and staff.
Up to 90 accounts were said on Sunday to have been compromised, which is less than 1 per cent of the system’s users, while The Guardian reported that suspicion had fallen on Russia and North Korea.
Security services shut down access for anyone not in Westminster as part of efforts to secure the network after the allegedly state-sponsored attack.
“The Houses of Parliament have discovered unauthorised attempts to access parliamentary user accounts,” a parliamentary spokesperson told The Independent.
Oz Alashe, a former special forces Lieutenant Colonel and chief executive officer of cyber security platform CybSafe, said compromising email accounts can merely be the “first step” in a wider attack.
“Email accounts represent a rich source of information for hackers, so compromising these accounts would often be the first step in a sophisticated cyber attack,” he added.
“With the disarray caused by the recent elections, and the resultant changes in parliamentary staff, it would be a prime time to use social engineering to obtain email passwords.
“Fortunately, it appears this attack has been detected early and locked down. Let’s hope no sensitive information has been lost to hackers.”
Mr Alashe told The Independent that the most common method for this type of attack was “brute force”, where considerable processing power is directed at trying as many password combinations as possible in a short space of time.
“If it’s simply an attempt to hit a parliamentary domain and gain passwords it could be an individual, but equally it could be a state – it’s too early to tell,” he added.
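The “brute force” activity described above leaves a distinctive footprint in authentication logs: either many failed attempts against one account from a single source, or a handful of failures spread across many accounts (which per-account lockout alone will not catch). The following detector is an added illustration, not code from Parliament, the NCSC or CybSafe; the log format, the sample lines and the thresholds are all assumptions constructed for the example.

```python
"""Added example: flag password-guessing sources in authentication logs.
Assumed log format (constructed): '<ISO timestamp> <FAIL|OK> <account> <source IP>'.
Thresholds are illustrative; tune them to the real login rate of the service."""
from collections import defaultdict
from datetime import datetime, timedelta


def _make_sample_log():
    """Build constructed sample log lines covering three behaviours."""
    base = datetime(2017, 6, 24, 2, 0, 0)
    lines = []
    # Source A: one failed guess against each of six different accounts (spraying pattern).
    for i, acct in enumerate(["alice", "bob", "carol", "dave", "erin", "frank"]):
        lines.append(f"{(base + timedelta(seconds=10 * i)).isoformat()} FAIL {acct} 203.0.113.5")
    # Source B: twelve failed guesses hammering a single account.
    for i in range(12):
        lines.append(f"{(base + timedelta(seconds=5 * i)).isoformat()} FAIL carol 198.51.100.7")
    # Source C: a legitimate user who mistypes twice and then logs in.
    lines += [
        f"{(base + timedelta(minutes=1)).isoformat()} FAIL grace 192.0.2.9",
        f"{(base + timedelta(minutes=1, seconds=20)).isoformat()} FAIL grace 192.0.2.9",
        f"{(base + timedelta(minutes=1, seconds=40)).isoformat()} OK grace 192.0.2.9",
    ]
    return "\n".join(lines)


SAMPLE_LOG = _make_sample_log()


def parse_line(line):
    """Split one assumed-format log line into (timestamp, result, account, ip)."""
    ts, result, account, ip = line.split()
    return datetime.fromisoformat(ts), result, account, ip


def find_guessing_sources(log_text, window=timedelta(minutes=5),
                          max_failures=10, max_accounts=5):
    """Return {ip: {"failures": n, "accounts": k}} for every source that, within any
    sliding window, exceeds max_failures failed logins OR touches more than
    max_accounts distinct accounts. The second rule is what catches spraying."""
    events = sorted((parse_line(l) for l in log_text.splitlines() if l.strip()),
                    key=lambda e: e[0])
    failures_by_ip = defaultdict(list)
    for ts, result, account, ip in events:
        if result == "FAIL":
            failures_by_ip[ip].append((ts, account))

    flagged = {}
    for ip, fails in failures_by_ip.items():
        start = 0
        for end in range(len(fails)):
            # Advance the window start until all kept failures fit inside `window`.
            while fails[end][0] - fails[start][0] > window:
                start += 1
            in_window = fails[start:end + 1]
            accounts = {acct for _, acct in in_window}
            if len(in_window) > max_failures or len(accounts) > max_accounts:
                prev = flagged.get(ip, {"failures": 0, "accounts": 0})
                flagged[ip] = {
                    "failures": max(prev["failures"], len(in_window)),
                    "accounts": max(prev["accounts"], len(accounts)),
                }
    return flagged


if __name__ == "__main__":
    for ip, stats in find_guessing_sources(SAMPLE_LOG).items():
        print(f"{ip}: {stats['failures']} failures across {stats['accounts']} accounts")
```

On the constructed sample, 198.51.100.7 is flagged by the failure-count rule and 203.0.113.5 by the distinct-account rule, while the user who mistyped twice is left alone. In practice the source key would be widened beyond a single IP (attackers rotate addresses), but the two-rule shape stays the same.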
The attempt came days after reports that Russian hackers had put passwords belonging to senior ministers, ambassadors and senior police officers up for sale online.
Two lists of stolen data included the log-in details of 1,000 British MPs and parliamentary staff, 7,000 police employees and more than 1,000 Foreign Office officials, The Times reported.
The information was believed to have been stolen from LinkedIn, MySpace and other smaller sites, with many passwords “easy to guess”, incorporating memorable numbers and relatives’ names.
Mr Alashe said it was too early to say whether the two incidents were directly connected but that they were part of the same issue.
He said criminal hackers “harvest information” including passwords, addresses and credit card numbers before selling them online, where they can be picked up and used by other actors, including foreign states.
“Many people use the same passwords for different accounts – it’s not unusual,” he added.
“That’s why so many attackers are after these things – once they compromise one account they can sell the password to be used to access others.”
Official guidance from the NCSC states that hackers use software that automatically tries minor variations of passwords, such as swapping letters for numbers, and warns against making matters worse by using the same password for accounts at work and at home.
The use of longer passwords including a mix of letters, symbols and numbers helps guard against brute force attacks.
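To make the two points above concrete, the following checker is an added example (not the NCSC’s own tooling) that rejects passwords which are only minor variations of a known-common password, and estimates the brute-force search space that a longer mixed-character password forces an attacker through. The substitution table, the minimum length and the small denylist are assumptions constructed for the example; a real deployment would use a full breached-password list.

```python
"""Added example: reject near-variations of common passwords and size the
brute-force search space. Denylist, substitution table and thresholds are
illustrative assumptions, not NCSC-published values."""
import math
import re

# Constructed stand-in for a breached/common-password list (assumption).
COMMON_PASSWORDS = {"password", "letmein", "qwerty", "liverpool", "westminster", "parliament"}

# Typical letter-for-number/symbol swaps that guessing tools enumerate automatically.
LEET_MAP = str.maketrans({"0": "o", "1": "i", "3": "e", "4": "a", "5": "s",
                          "7": "t", "@": "a", "$": "s", "!": "i"})


def normalise(password):
    """Undo the 'minor variations' the text describes: case, trailing/leading
    digits or punctuation (e.g. 'Password2017!'), and letter-for-number swaps,
    so the result can be compared against the plain dictionary word."""
    p = password.lower()
    p = re.sub(r"[^a-z]+$", "", p)   # strip trailing year/punctuation suffixes
    p = re.sub(r"^[^a-z]+", "", p)   # strip leading digits/punctuation
    return p.translate(LEET_MAP)


def entropy_bits(password):
    """Upper bound on brute-force work: log2 of the search space implied by the
    character classes actually used. Overstates strength for dictionary-based
    passwords, which is why the denylist check runs first."""
    pool = 0
    if re.search(r"[a-z]", password):
        pool += 26
    if re.search(r"[A-Z]", password):
        pool += 26
    if re.search(r"[0-9]", password):
        pool += 10
    if re.search(r"[^A-Za-z0-9]", password):
        pool += 33   # printable ASCII punctuation
    return len(password) * math.log2(pool) if pool else 0.0


def check_password(password, min_length=12, min_bits=60):
    """Return (accepted, reason). Thresholds are illustrative assumptions."""
    if len(password) < min_length:
        return False, "too short"
    if normalise(password) in COMMON_PASSWORDS:
        return False, "variation of a common password"
    if entropy_bits(password) < min_bits:
        return False, "search space too small"
    return True, "ok"


if __name__ == "__main__":
    for candidate in ["P@rliament2017!", "Tr0ub4dor&3", "abcdefghijkl", "Correct-Horse-Battery"]:
        print(candidate, check_password(candidate))
```

Note that “P@rliament2017!” passes a naive length-and-complexity rule yet is rejected here, because once the substitutions and the year suffix are stripped it is just “parliament”; that is exactly the class of password the guidance says automated tools will guess.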
Mr Alashe said 75 per cent of known breaches take place “because of people rather than technology”, warning: “It doesn’t really matter how good systems are if we as people are making it easy for hackers.
“One of the most important things is for organisations to educate people on how they can be safe online.
“I don’t think the threat is getting worse, but attacks are happening more frequently.
“But that’s partly because so many people are much more connected digitally – there are so many more opportunities for people to be hacked.”