Major Cyberattack Disrupts Swedish Library E-Book Services

A significant cyberattack has recently disrupted the operations of several Swedish libraries by targeting the popular Biblio e-book lending platform, operated by Wedobooks. The incident, uncovered earlier this week, has prompted immediate security actions from libraries and service providers as thousands of unauthorized accounts were created in a matter of hours.

Wedobooks, which supplies digital lending infrastructure to many public libraries in Sweden, became aware of the breach when an unusually high number of loans were processed through newly established library card accounts in a short timeframe. The pattern observed involved borrowers immediately returning the e-books after checkout, continuing the process until the maximum loan quota was met, and then repeating it with new accounts.

According to representatives from Wedobooks, approximately 8,000 new accounts were created within just a few hours across four different libraries. This activity raised concerns that a malicious actor had access to extensive library card data and associated PIN codes. The origin of this data remains unclear, with Wedobooks confirming that the information could not have been obtained directly from their system, as they had no records of these new accounts or PINs until after account creation.

Further investigations indicated that the breach did not stem from the library systems responsible for issuing cards. The source of the data leak is still unknown, and inquiries are ongoing to determine how the attackers obtained access to so many valid credentials.

By the following day, similar suspicious lending behavior was identified among existing user accounts across 78 libraries. In response, Wedobooks suspended all loan functionalities for accounts that utilize library card numbers or national identification numbers combined with a four-digit PIN to access the service. Only accounts accessed through verified email addresses remain operational, as this method is considered more secure and confirms the identity of the user.

One of the libraries affected by the breach is the Stockholm Public Library. As a precautionary measure, the library has reset the PIN codes for all registered borrowers. This step aims to prevent further unauthorized access and safeguard users' personal data.

The motive behind the attack is still under review. There is uncertainty as to whether the perpetrators intended to disrupt library operations, test system vulnerabilities, or pursue another objective. The most valuable assets within the e-book lending system are the digital books themselves; however, these resources can only be accessed and read within the controlled environment of the library's service platform.

Library service providers and stakeholders are now engaged in discussions to improve system security. The current method of accessing accounts using only a library card number and a four-digit PIN is acknowledged as insufficiently robust against sophisticated cyber threats. Efforts are underway to explore stronger authentication methods, potentially requiring more secure login credentials or multi-factor authentication to protect user data and prevent future incidents.

Users of the affected libraries are advised to update their PIN codes and monitor their account activity for any signs of unauthorized access. The libraries and Wedobooks are working to restore full service and implement enhanced security measures as quickly as possible.