A credential attack against Biblio, the e-book platform used by public libraries across Sweden, blocked loan access for over 100,000 borrowers after attackers exploited simple PIN codes to gain unauthorized access. The attack began on a Tuesday (Jun 2, 2026). Affected users had their library cards suspended and were issued new PIN codes, cutting off access to borrowed e-books until the reset was complete.
Biblioteksbladet and Dagens Nyheter both reported the incident, with Aftonbladet confirming that the Biblio service had been directly targeted. Multiple libraries across Sweden were affected, though neither Biblio nor any individual library authority has published a full list of impacted institutions.
How a Simple PIN Code Became the Attack Surface
The attack did not require a zero-day or a sophisticated intrusion chain. Attackers identified that Biblio accounts were protected by short, simple numeric PIN codes and used automated credential-stuffing or brute-force techniques to work through the PIN space systematically. Once inside, they could access borrower accounts, view loan histories and disrupt active loans.
This is a foreseeable failure. A numeric PIN of four to six digits offers a few hundred thousand possible combinations at most. Against any system without rate limiting or account lockout controls, that is not authentication; it is a speed bump. The more interesting question is whether Biblio had either control in place, and the company has not answered it publicly.
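To make the two controls named above concrete, here is an added example (not Biblio's code, whose authentication logic is not public) showing the keyspace arithmetic for an all-numeric PIN, a credential policy that rejects short or purely numeric codes, and a toy in-memory authenticator that locks an account after repeated failures. The policy values (minimum length 8, three or five failures, lockout duration) and the sample card number and credential are constructed assumptions for the illustration.

```python
from __future__ import annotations
import hmac
from dataclasses import dataclass

# --- Keyspace arithmetic for the all-numeric PINs discussed above ---

def pin_keyspace(digits: int) -> int:
    """Number of possible all-numeric codes of the given length."""
    return 10 ** digits

def seconds_to_exhaust(digits: int, guesses_per_second: float) -> float:
    """Worst-case time to try every code at a sustained, unthrottled guess rate."""
    return pin_keyspace(digits) / guesses_per_second

# --- Credential policy (assumed values; Biblio's actual rules are not public) ---

MIN_LENGTH = 8  # assumption for this example

def credential_is_acceptable(secret: str) -> bool:
    """Reject the weak case described above: short or purely numeric codes."""
    if len(secret) < MIN_LENGTH:
        return False
    if secret.isdigit():
        return False
    return True

# --- Account lockout after repeated failures, with the clock passed in so it is testable ---

@dataclass
class Account:
    secret: str
    failures: int = 0
    locked_until: float = 0.0

class Authenticator:
    """Toy in-memory authenticator; a real service would hash secrets and persist state."""

    def __init__(self, max_failures: int = 5, lockout_seconds: float = 900.0):
        self.max_failures = max_failures
        self.lockout_seconds = lockout_seconds
        self.accounts: dict[str, Account] = {}

    def add_account(self, username: str, secret: str) -> None:
        if not credential_is_acceptable(secret):
            raise ValueError("credential violates policy")
        self.accounts[username] = Account(secret=secret)

    def login(self, username: str, secret: str, now: float) -> str:
        acct = self.accounts.get(username)
        # Same answer for unknown users and wrong secrets, so card numbers cannot be enumerated.
        if acct is None:
            return "denied"
        if now < acct.locked_until:
            return "locked"  # rejected even when the secret is right
        if hmac.compare_digest(acct.secret.encode(), secret.encode()):
            acct.failures = 0
            return "ok"
        acct.failures += 1
        if acct.failures >= self.max_failures:
            acct.locked_until = now + self.lockout_seconds
            acct.failures = 0
        return "denied"

def demo() -> list[str]:
    """Constructed walk-through: three wrong guesses, the right code while locked, then after expiry."""
    auth = Authenticator(max_failures=3, lockout_seconds=60.0)
    auth.add_account("card-0001", "Rj7!kite-meadow")  # constructed sample credential
    results = []
    t = 1000.0
    for wrong in ("wrong-1", "wrong-2", "wrong-3"):
        results.append(auth.login("card-0001", wrong, now=t))
        t += 1
    results.append(auth.login("card-0001", "Rj7!kite-meadow", now=t))       # correct, but locked
    results.append(auth.login("card-0001", "Rj7!kite-meadow", now=t + 61))  # lockout has expired
    return results

if __name__ == "__main__":
    print("4-digit keyspace:", pin_keyspace(4), " 6-digit keyspace:", pin_keyspace(6))
    print("seconds to exhaust 6 digits at 100 guesses/s:", seconds_to_exhaust(6, 100))
    print(demo())
```

Lockout on its own has a known side effect: anyone who knows a card number can keep that account locked by sending wrong guesses, so it belongs alongside per-source throttling and progressive delays rather than replacing them, and every lockout event should be logged so an attack wave is visible while it is happening.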
No CVE has been assigned. No technical advisory has been published by CERT-SE or MSB at the time of writing. The absence of an official advisory does not mean the incident is minor; it means the public record is thin.
What Biblio Has Done and What It Has Not Said
Biblio’s immediate response was to suspend affected accounts and force a PIN reset across the impacted user base. That is the correct first step. What has not followed is a clear statement of scope: how many accounts were actively accessed by attackers, whether any personal data beyond account credentials was reached, and whether the underlying authentication weakness has been structurally fixed or simply reset.
Forced PIN resets address the symptom. If Biblio has not implemented account lockout after repeated failed attempts, or if it still permits four-digit numeric PINs as valid credentials, the same attack is repeatable the moment users set their new codes.
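Whether the weakness was fixed or merely reset shows up in the authentication logs: a repeat of the attack looks like one source failing against many different card numbers in a short window, or many failures against one account. The detection logic below is an added example, not Biblio's tooling; the log line format, the thresholds, and the sample records (which use documentation IP ranges) are all constructed for the illustration. It flags a source that sprays across accounts, an account under single-target guessing, and the case that matters most after a reset, a successful login from a source already flagged.

```python
from __future__ import annotations
import re
from collections import defaultdict, deque
from datetime import datetime, timedelta

# Line format is an assumption for this example; Biblio's real logs are not public.
LOG_RE = re.compile(
    r"^(?P<ts>\S+) auth result=(?P<result>ok|fail) user=(?P<user>\S+) src=(?P<src>\S+)$"
)

# Constructed sample: one source spraying six card numbers, one legitimate typo,
# and one source hammering a single account. Addresses are documentation ranges.
SAMPLE_LOG = """\
2026-06-02T09:14:01Z auth result=fail user=card-1201 src=203.0.113.7
2026-06-02T09:14:02Z auth result=fail user=card-1202 src=203.0.113.7
2026-06-02T09:14:03Z auth result=fail user=card-1203 src=203.0.113.7
2026-06-02T09:14:04Z auth result=fail user=card-1204 src=203.0.113.7
2026-06-02T09:14:05Z auth result=fail user=card-1205 src=203.0.113.7
2026-06-02T09:14:06Z auth result=ok user=card-1206 src=203.0.113.7
2026-06-02T09:20:10Z auth result=fail user=card-3300 src=198.51.100.9
2026-06-02T09:20:25Z auth result=ok user=card-3300 src=198.51.100.9
2026-06-02T09:31:00Z auth result=fail user=card-4400 src=203.0.113.8
2026-06-02T09:31:30Z auth result=fail user=card-4400 src=203.0.113.8
2026-06-02T09:32:00Z auth result=fail user=card-4400 src=203.0.113.8
2026-06-02T09:32:30Z auth result=fail user=card-4400 src=203.0.113.8
2026-06-02T09:33:00Z auth result=fail user=card-4400 src=203.0.113.8
"""

def parse(text: str) -> list[dict]:
    """Turn raw log text into event dicts with a parsed timestamp; non-auth lines are skipped."""
    events = []
    for line in text.splitlines():
        m = LOG_RE.match(line)
        if not m:
            continue
        ev = m.groupdict()
        ev["ts"] = datetime.strptime(ev["ts"], "%Y-%m-%dT%H:%M:%SZ")
        events.append(ev)
    return events

def detect(events: list[dict], window: timedelta = timedelta(minutes=5),
           spray_accounts: int = 5, brute_failures: int = 5) -> list[str]:
    """Sliding-window counts of failures per source and per account; each alert fires once."""
    fails_by_src = defaultdict(deque)   # src  -> (ts, user) failures inside the window
    fails_by_user = defaultdict(deque)  # user -> ts of failures inside the window
    flagged_src, flagged_user = set(), set()
    alerts = []
    for ev in sorted(events, key=lambda e: e["ts"]):
        ts, user, src = ev["ts"], ev["user"], ev["src"]
        if ev["result"] == "ok":
            # A success from a source already flagged for spraying means a guess landed:
            # that account needs review and re-authentication, not just a PIN reset.
            if src in flagged_src:
                alerts.append(f"takeover-risk user={user} src={src}")
            continue
        q = fails_by_src[src]
        q.append((ts, user))
        while ts - q[0][0] > window:
            q.popleft()
        distinct = {u for _, u in q}
        if len(distinct) >= spray_accounts and src not in flagged_src:
            flagged_src.add(src)
            alerts.append(f"spray src={src} accounts={len(distinct)}")
        qu = fails_by_user[user]
        qu.append(ts)
        while ts - qu[0] > window:
            qu.popleft()
        if len(qu) >= brute_failures and user not in flagged_user:
            flagged_user.add(user)
            alerts.append(f"brute user={user} failures={len(qu)}")
    return alerts

def analyze(text: str) -> list[str]:
    return detect(parse(text))

if __name__ == "__main__":
    for alert in analyze(SAMPLE_LOG):
        print(alert)
```

The per-source threshold is the one that catches credential stuffing, where each account sees only one or two attempts and a per-account lockout never trips; the per-account threshold catches sequential guessing of a single PIN. Running both after a reset, and alerting on the first success from a flagged source, is how an operator learns whether the new codes are holding.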
If You Have a Biblio Account
If you have received a notification prompting a PIN reset, do not reuse a simple numeric code. Set the longest alphanumeric password the service permits. If Biblio does not yet support longer passwords, use the maximum length available and avoid any sequence that appears in your other accounts.
Biblio accounts hold loan history and borrower identity data. That data alone is not high-value for financial fraud, but it is enough to personalise phishing attempts. Any unexpected communication claiming to be from your library or from Biblio in the coming weeks deserves scrutiny.
Libraries affected by the disruption have not yet been named in full. If your library uses Biblio and you have not received direct communication about the incident, contact your library directly rather than waiting for a system prompt.
References
- The Hacker Attack Creates E-book Chaos at Libraries
- Hackers Borrowed Books – Returned Without Reading
- Major Hacker Attack on Library Service – Patrons Must Change Code
- Hacker Attack on Libraries – Library Cards Were Blocked