The European Parliament's public Wi-fi network was subject to a man-in-the-middle attack, compromising MEPs emails.

European Parliament Wi-Fi Network Hacked
The European Parliament's public Wi-fi network was hacked, leading to MEPs' email accounts being compromised. (Reuters)

The European Parliament issues an advisory note on Monday warning that its public Wi-Fi network had been hacked and subject to man-in-the-middle attack.

A man-in-the-middle attack typically sees a hacker monitoring ("sniffing") the traffic being sent from users' smartphones, tablets and laptops over a network. If that data is unencrypted then the attacker can easily steal details such as passwords, usernames and other personal details.

A spokesperson has confirmed that while internal systems where not compromised, the email accounts of some MEPs and their staff were left open to attack.

Switched off

As a precaution, the parliament has switched-off the public Wi-Fi network "until further notice" and has instead directed all staff to install a European Parliament software certificate on their devices, allowing them to connect to the private parliament Wi-Fi network.

The IT manager who issued the advisory also recommended that all users change their parliament IT password as soon as possible in case the information had been compromised, adding that plans are in place to take "additional measures to further secure the communication to the Parliament."

Using public, free, and open Wi-Fi networks is an increasingly popular way for cyber-criminals to capture people's personal information. Just last week Trend Micro revealed that it had carried out two so-called Evil Twin tests as part of a report into the "culture of carelessness" of UK workers, where it showed just how easy it was to get people to connect to compromised networks.

The problem has been exacerbated by the rise of the BYOD (bring-your-own-device) phenomenon which sees employees using their personal devices for work.

"As more employees bring their own devices into the workplace, businesses face the challenge of enforcing corporate security policies on consumer devices that are not solely controlled by the IT department. Most employees now store a wide range of both personal and business information on their mobile devices, so this lack of control exposes businesses to serious security vulnerabilities in the form of data breaches and unauthorised access," said Jason Hart of security firm SafeNet.