More than 100,000 alleged login details for portals run by Australian government agencies have been found on a dark web forum, raising concerns that they may be part of a recent, massive global data breach.
A local cybersecurity company recently discovered a database of over 14 million usernames and passwords, some of which contained login information for websites run by the Australian government and government agencies.
After a terrible year for hacking and breaches, Victoria-based Shield Corporate Security has informed the Australian Cyber Security Centre about the possibly illegal database. The repercussions of the high-profile breaches of their networks are still a concern for telco Optus and health insurer Medibank.
The majority of the data had not been verified, according to Zac Dromi, managing director of Shield Corporate Security, who spoke with AFR Weekend. However, preliminary research indicates that it is a component of a massive hacker data collection scheme.
He said a well-known dark web site had recently posted a database containing usernames and passwords for government records from all around the world. A data analysis found over 100,000 records from various Australian government agencies, or gov.au.
“This is the tip of the iceberg from what appears to be a massive data breach of government credentials, Australia-wide, by a third party. We will need to work to verify and investigate this thoroughly,” said Dromi.
A spokesman for the Australian Cyber Security Centre said it “does not comment on operational and intelligence matters”.
The firm claimed that no login information was stolen through hacking into Australian government servers. Instead, the usernames and passwords came from individuals who had used government logins to access websites across the internet.
For instance, hackers might have obtained the login information of a member of the Australian government who used their work email to sign in to Twitter or Netflix. In other words, tens of thousands of the usernames discovered in the database appear to be government email addresses, and the passwords might not be ones used to access government websites.
According to Shield Corporate Security, the hacker who posted an offer to share the database on a dark web forum is thought to have been gathering the information since at least 2020.
The discovery comes just after a security researcher revealed that more than 200 million emails belonging to Twitter users had been stolen, raising concerns that more people in the data will be targeted for phishing and doxxing attacks, which involve publicly disclosing personally identifiable information. Twitter has not responded to the allegations made in a Friday Reuters article.