More than 100,000 suspected government logins found in massive breach

More than 100,000 suspected login details for Australian government agency portals have been discovered on a dark web forum with fears they’re part of a new massive global data breach.

A local cybersecurity firm uncovered a database of more than 14 million usernames and passwords in recent days, with a portion containing login details that access Australian government and agency websites.

Victoria-based Shield Corporate Security has alerted the Australian Cyber Security Centre about the potentially illicit database, which comes after a horror year for hacking and breaches. Telco Optus and health insurer Medibank are still grappling with the fallout from the high-profile hacks on their systems.

Zac Dromi, managing director of Shield Corporate Security, told AFR Weekend that most of the data had not been verified. But preliminary analysis suggests it is part of a massive data collection project from hackers.

“A database of usernames and passwords for government records worldwide was recently shared on a prominent dark web forum,” Mr Dromi said. “An analysis of the data revealed over 100,000 records that belong to multiple government entities in Australia, that is, gov.au.

“This is the tip of the iceberg from what appears to be a massive data breach of government credentials, Australia-wide, by a third party.

“We will need to work to verify and investigate this thoroughly.”

A spokesman for the Australian Cyber Security Centre said it “does not comment on operational and intelligence matters”.

Australian government systems were not hacked to retrieve the login details, the firm said. Rather, usernames and passwords had been collected from people who had used government logins to access websites around the internet.

For example, hackers may have stolen the credentials of an Australian government employee who used their departmental email to log in to another service like Netflix or Twitter. That means thousands of the usernames and passwords found in the database appear to be government email addresses, and the passwords may not be ones used for accessing government websites.

Shield Corporate Security said the hacking entity offering to share the database with others on the dark web forum is believed to have been collecting the data since at least 2020.

It comes a few weeks after a security researcher said more than 200 million emails had been stolen from Twitter users, with fears there would be a rise in efforts to use the data to phish people and to doxx them, that is, to publicly release their personally identifiable information. Twitter has not commented on the claims reported in a Reuters story on Friday.

  • Article first appeared in Australian Financial Review. Read the full article here.
