According to Cairnspost, thousands of Aussies have been exposed to a cyber security breach by the federal government.
More than 3500 people who signed up to receive emails from the ACCC’s product safety recalls website since the beginning of 2013 have had their email addresses listed publicly, exposing them to potential phishing campaigns where they may be targeted by emails claiming to be from recalls.gov.au.
IT security expert Phil Kernick, from CQR Consulting, said these people are at risk of receiving what appears to be a legitimate email. By clicking on a link, they could be allowing criminals access to their accounts.
“Considering these people have registered with the website, communications received from recalls would seem more legitimate,” Mr Kernick said.
The list of email addresses exposed includes 662 Gmail users, 506 Hotmail users, 338 customers of Bigpond and 93 customers of Optus, as well as government and business representatives including the Department of Defence, Ford and Woolworths.
The total number of people at risk is expected to be higher, as it should also include those who signed up for email alerts prior to 2013 and subscribers to other ACCC mailing lists, including SCAMwatch and the ACCC Public Registers.
When notified about the risk by News Corp Australia, the ACCC immediately shut down access to the exposed email addresses and said they were investigating the incident.
“The ACCC is investigating how this issue occurred and is reporting this breach to the Office of Australian Information Commissioner,” said an ACCC spokesman.
“It is not yet clear to the ACCC how many users have been affected or how long this has been an issue.
The ACCC takes the issue of privacy, including any breaches, very seriously and apologises to affected users.”
Mr Kernick believes there could be thousands of other websites exposing a similar risk, simply by not conducting proper IT security tests.
“These websites are created for a campaign or product and may not go through proper IT channels,” he said.
And Mr Kernick said it is critical to continually check the security of websites.
“It’s like a car service — if you don’t get it done, your car won’t work as well.”