Consolidated Major Australian Data Breaches Thread

It's more likely the potential customers of this information will be most interested in those records that have linked CC details... the others, probably/hopefully not so much.



JSmith

 

Identity theft is big business.

 

Absolutely, or they wouldn't bother.

The most valuable records (i.e. command a higher price) from my understanding are those that contain full or partial CC details though, rather than just name/address/email. Those with DOB's would also be a bit concerning.

Let's hope not too many people used the same password for this as their internet banking email.

Anyone know how they got attacked yet?



JSmith

 

I went to check and couldn't progress into my profile because it asked for my mobile.

 

Same here. I suspect that their entire site has been breached and now the attackers are just trying to harvest more data to fill in the blanks. Luckily I have different passwords for everything so it's not that big a deal for me on that front but I can't remember if I unlinked my credit card last time I bought something.

 

more likely they’ve enforced 2fa to prevent further damage…

 

It wasn't just a "hey what's your mobile so we can send you a message screen" it was a please enter your name, address, etc. form which they should already have.

 

Related, so I'll pop this here;

https://www.abc.net.au/news/2024-05...ion-takes-down-ransomware-networks-/103917618

JSmith

 

I was telling a colleague about ukraine's troll farms and ransom groups that we stopped talking about when the ruzzia orc attacks begun.

Good to see action, but it does feel like stopping these groups will just be like cutting the head off a hydra though.

 

Is Ticketek the same mob as Ticketmaster?

 

Nah... Ticketek is Ticketmasters competitor here and is owned by 9 Entertainment. Ticketmaster is from the US, massive global corp., Live Nation Ent.



JSmith

 

Ok because this is an email I received tonight....

 

Shit, that's not good. It's concerning they say;

We would like to reassure you that Ticketek has secure encryption methods in place for all passwords and your Ticketek account has not been compromised.

... and then;

The available evidence at this time indicates that, from a privacy perspective, your name, date of birth and email address may have been impacted.



JSmith

 

That's shorthand for we encrypted the passwords but didn't bother to encrypt the account details that the passwords belong to.

They have a lot of confidence in the security of the passwords and payment details.
But I imagine they also had a lot of confidence in the security of the systems that got breached, right up until they were breached.

 

Yeah we know.

 

Got a mail from HYBP

https://www.troyhunt.com/telegram-combolists-and-361m-email-addresses/

 

Australian Information Commissioner is going after Medibank over their data breach under the Privacy Act 1988 so 9.7 million breaches. Will be interesting how this pans out. Max per breach is 2.22 million but the individual amount will not be anywhere near that.

https://www.abc.net.au/news/2024-06...ed&utm_campaign=abc_news_web&utm_content=link

 

Well looks like you got your wish...

https://www.abc.net.au/news/2024-06-05/hacked-health-company-goes-into-administration-/103938942

... doesn't seem right to me. I think Govt needs to think about this more. It should be a helpful environment when these things happen, not always punitive.



JSmith

 

There's no incentive for a company to do the right thing when it comes to the security of the data they collect.
"The government will bail us out"
"Too big to fail"
etc etc

Fuck them and fuck them hard.

 

I would agree... if we had details of how the breach occurred and it was clearly due to idiocy or non-concern. I don't think we can say black and white... there is a lot of grey.

One can only assume this mob didn't have cyber security insurance.

The Govt bails out many companies... look at all the money the tax payer spent on the car industry here for example, subsidies all over the place in other industries too.

Why should the ICT sector be ignored?



JSmith