Security credentials said to have belonged to tens of thousands of government officials, including 1,000 British MPs and parliamentary staff, 7,000 police employees and more than 1,000 Foreign Office staff were in the troves sold or swapped on Russian-speaking hacking sites.
Security experts warned that hackers could use the data to penetrate government accounts, especially if the passwords were used across a number of different platforms.
The majority of the passwords are said to have been compromised in a 2012 hacking raid on the business social network LinkedIn, in which millions of users’ details were stolen.
The National Crime and Security Centre (NCSC) confirmed that its cyber security advice has been highlighted to departments in light of the discovery by The Times.
The report looked at a number of different organisations in the UK including the police, finding that in the force, the most common passwords contained the word ‘police’ ‘password’ and ‘police1’
In the wake of the LinkedIn attack users were advised to change their passwords on the site and any other accounts that used the same credentials.
The warning was repeated in 2016 when it emerged the compromised passwords were being sold by criminal gangs.
A Government spokesman said it was a “historical incident”.
“When it took place, LinkedIn gave advice that people should change their passwords. Anybody who is no longer using the password will not have had their account breached.”