March 13, 2026
Scandi code spill, comments on fire
Source code of Swedish e-government services has been leaked
Code dumped, citizen data for sale, and commenters are livid
TLDR: A hacker says they leaked Sweden’s entire e‑government code and are selling citizen data on the side, igniting outrage. Commenters feud over “open source it” vs “secure it,” while cynics predict no fines or firings—just a trust crisis for anyone using government digital services.
Sweden’s digital government just got undressed in public, and the comments are feral. A hacker calling themselves “ByteToBreach” claims they leaked the entire e‑government platform’s code after breaking into a contractor’s systems, the same crew bragging about the Viking Line hit yesterday. But the crowd says the real bombshell isn’t the code—it’s the claim that citizens’ personal info and e‑signing documents are being sold separately. As one top comment put it, “The source code is the least of it!”
Cue the chaos: one confused soul asked if this was “open source,” triggering a pile-on of explainers and eye-rolls. Another commenter pitched the spicy idea to open source the platform on purpose so “there’s nothing to leak,” while others clapped back that open code won’t fix sloppy security. The hacker’s flex—free code, paid data—sparked fury about accountability: people are asking who gets fined under Europe’s privacy rules (GDPR), with a bleak chorus insisting, “government gets a pass, citizens get the bill.”
Amid the outrage, a wild nostalgia detour: someone wondered if the leak includes the Swedish Armed Forces’ old viral teamwork game, Team Test. Dark humor aside, the mood is crystal: the code is free, your data isn’t, and trust in digital government just took a nosedive. Even the non-tech crowd gets it—this isn’t just a nerdy code spill; it’s a public‑trust meltdown.
Key Points
- •Threat actor ByteToBreach claims to have leaked the full source code of Sweden’s E-Government platform.
- •The actor alleges the breach stemmed from a compromise of CGI Sverige AB infrastructure, part of CGI Group.
- •In addition to source code, assets like a staff database, API document signing system, and Jenkins SSH pivot credentials are included; citizen PII and e-signing documents are reportedly being sold separately.
- •Disclosed techniques include a Jenkins compromise, Docker escape via Jenkins user in the Docker group, SSH private key pivots, analysis of .hprof files, and SQL copy-to-program pivots.
- •The actor says the source code is free to download via multiple backup links, while the claim URL is available to subscribers on specific threat/ransomware feeds.