Cyber Incident Victim: Church of Scotland
Date: Feb 2014
Location: United Kingdom
Summary
A hacker breached the Church of Scotland's website, compromising 1,570 user accounts and leaking administrator credentials from a separate affiliated domain. Exposed user data included usernames, email addresses, and encrypted passwords, while administrator accounts associated with a different official domain were disclosed with plaintext passwords, some notably weak, such as "qwer56123." The attacker publicly released the credentials via Pastebin and social media. The breach fit a broader pattern of targeting religious organizations and came as the attacker resumed activity after a period of inactivity. The incident revealed inadequate password security practices within the organization's administrative accounts.
Description
On February 20, 2014, hacker @security_511 breached the Church of Scotland's website (churchofscotland.org.uk) and leaked credentials from its systems. The attacker publicly disclosed the breach via Twitter and published the stolen data on Pastebin shortly after the intrusion. The leaked dataset included 1,570 user accounts containing usernames, email addresses, and encrypted passwords, along with nine administrator accounts that exposed email credentials with clear-text passwords. Notably, the administrator credentials belonged to a separate but related official domain (cofscotland.org.uk) rather than the primary breached domain. Analysis of the leaked administrator passwords revealed weak security practices, including easily guessable credentials such as "qwer56123."

The incident exposed authentication vulnerabilities across multiple Church of Scotland digital properties, compromising both standard users and privileged administrative accounts. @security_511's activities showed a pattern of targeting religious organizations, as evidenced by a similar breach of the Church of Cyprus disclosed the previous day. The attacker had recently resumed operations after a period of inactivity, expanding targets beyond this incident. No information about the Church's detection methods, containment procedures, or remediation efforts was disclosed in available reports. The breach resulted in the unauthorized exposure of sensitive authentication data, creating potential secondary compromise risks for affected individuals through credential reuse attacks. The publication of clear-text administrator passwords particularly heightened risks of subsequent unauthorized access to church systems.
