Hungarian Government Faces Security Crisis Due to Weak Passwords and Credential Reuse
A Bellingcat investigation has exposed a major security lapse within Hungary’s government, revealing nearly 800 compromised email and password pairs tied to key ministries, including defense, foreign affairs, and finance. The findings suggest systemic negligence rather than targeted hacking, with officials relying on weak, reused passwords that eventually surfaced in breach dumps.
Among the most concerning discoveries were 120 compromised records linked to defense personnel, some stemming from a 2023 NATO eLearning platform breach that exposed emails, passwords, and phone numbers. While much of the data dates back to 2021, new instances continue to emerge, with some recent infostealer logs indicating active device compromises as recently as last month.
Password choices were particularly alarming. A colonel in "information security" used "FrankLampard" a reference to the former England footballer while a district director opted for "123456aA." Another senior official in Hungary’s NATO delegation used a password translating to "cute." Other examples included simple name-based passwords, easily guessable patterns, and credentials like "linkedinlinkedin" likely from the 2012 LinkedIn breach still in use.
The root issue appears to be poor security hygiene: officials registered government emails on third-party services, then reused passwords across multiple platforms. Once those services were breached, the credentials spread through underground markets. The investigation also uncovered infostealer malware logs, suggesting some devices were actively compromised rather than just caught in old leaks.
The incident underscores how basic security failures weak passwords, credential reuse, and unchecked third-party sign-ups can undermine even critical government functions. With no advanced hacking required, the breach highlights the persistent risks of human error in cybersecurity.
Source: https://www.theregister.com/2026/04/11/hungary_government_logins_breach/
Ministry of Foreign Affairs and Trade of Hungary cybersecurity rating report: https://www.rankiteo.com/company/mfa-hungary
NATO cybersecurity rating report: https://www.rankiteo.com/company/nato
"id": "MFANAT1775903094",
"linkid": "mfa-hungary, nato",
"type": "Breach",
"date": "1/2021",
"severity": "100",
"impact": "5",
"explanation": "Attack threatening the organization's existence"{'affected_entities': [{'customers_affected': 'Defense personnel, NATO '
'delegation members',
'industry': 'Defense',
'location': 'Hungary',
'name': 'Hungarian Ministry of Defence',
'type': 'Government Ministry'},
{'customers_affected': 'Government officials',
'industry': 'Foreign Affairs',
'location': 'Hungary',
'name': 'Hungarian Ministry of Foreign Affairs',
'type': 'Government Ministry'},
{'customers_affected': 'Government officials',
'industry': 'Finance',
'location': 'Hungary',
'name': 'Hungarian Ministry of Finance',
'type': 'Government Ministry'}],
'attack_vector': 'Credential Reuse, Weak Passwords, Third-Party Service '
'Breaches',
'data_breach': {'number_of_records_exposed': 'Nearly 800',
'personally_identifiable_information': 'Yes',
'sensitivity_of_data': 'High',
'type_of_data_compromised': ['Email addresses',
'Passwords',
'Phone numbers',
'Personally Identifiable '
'Information']},
'description': 'A Bellingcat investigation exposed a major security lapse '
'within Hungary’s government, revealing nearly 800 compromised '
'email and password pairs tied to key ministries, including '
'defense, foreign affairs, and finance. The findings suggest '
'systemic negligence with officials relying on weak, reused '
'passwords that surfaced in breach dumps. The incident '
'highlights poor security hygiene, including registration of '
'government emails on third-party services and reuse of '
'passwords across platforms.',
'impact': {'brand_reputation_impact': 'Significant damage to government '
'cybersecurity reputation',
'data_compromised': 'Email addresses, passwords, phone numbers, '
'personally identifiable information',
'identity_theft_risk': 'High risk due to exposure of PII and '
'credentials',
'operational_impact': 'Potential compromise of government '
'communications and sensitive information',
'systems_affected': 'Government email systems, third-party '
'services used by officials'},
'initial_access_broker': {'data_sold_on_dark_web': 'Likely, given the nature '
'of breach dumps and '
'underground markets',
'entry_point': 'Third-party service breaches, '
'infostealer malware',
'high_value_targets': 'Defense personnel, NATO '
'delegation members'},
'lessons_learned': 'The incident underscores the risks of poor password '
'hygiene, credential reuse, and unchecked third-party '
'sign-ups in undermining government cybersecurity. Basic '
'security failures can lead to significant compromises '
'without advanced hacking.',
'post_incident_analysis': {'root_causes': ['Weak and reused passwords',
'Registration of government emails '
'on third-party services',
'Lack of multi-factor '
'authentication',
'Poor security hygiene among '
'officials']},
'recommendations': ['Enforce strong password policies and multi-factor '
'authentication for all government accounts',
'Prohibit reuse of passwords across platforms',
'Restrict registration of government emails on '
'third-party services',
'Implement continuous monitoring for credential leaks and '
'infostealer activity',
'Conduct regular cybersecurity training for government '
'personnel'],
'references': [{'source': 'Bellingcat Investigation'}],
'title': 'Hungarian Government Security Crisis Due to Weak Passwords and '
'Credential Reuse',
'type': 'Credential Compromise',
'vulnerability_exploited': 'Poor password hygiene, lack of multi-factor '
'authentication, unsecured third-party services'}