Posted on November 5, 2021 at 4:24 PM
Hackers Have Compromised mySA Accounts Of Thousands Of Australians
A recent report revealed that mySA Gov accounts were compromised by a cyberattack. The online platform is launched by the South Australian Government and used for providing single-account access to state services.
The South Australian Department of Transportation Infrastructure reported that threat actors had access to the mySA Gov accounts by using the same passwords utilized by its users on other websites. After obtaining a password from the website, the threat actor used it to gain access to several mySA GOV accounts, the department stated.
Most Affected Accounts Contain License Details
Although the department didn’t mention the unrelated websites, it stated that about 2,600 mySA accounts were breached in the attack. It also noted that the majority of the accounts (about 2,000) contained license and registration details.
The department said it discovered the hacking incident on Tuesday and has prevented users from having access to the platform. It has also sent emails to the affected account owners to notify them about possible account breaches. The department advised them to change their account details as soon as possible to prevent hackers from hijacking the entire account or using them to launch further attacks.
However, the agency noted that there has been “no evidence of fraudulent transactions” on the affected accounts.
The Department also advised users not to use any password used on another website on their mySA accounts. It warned that threat actors can compromise their current if they get hold of their previously used password which matches the present account password.
Additionally, they should make it extremely difficult for hackers to decipher their password by adding different characters when creating the new password.
The department has also recommended that all the affected account holders should join the Services SA Center to change their drivers’ license numbers. According to the agency, the action is necessary to prevent any hacking attempt, as unauthorized persons may have access to the account details.
The Increasing Spate Of Attacks On Australian Organizations
Australian organizations have become targets of cyberattacks in recent times. In March this year, live broadcast on Australia’s Channel Nine TV network was disrupted due to a cyber-attack. This led to questions regarding the company’s vulnerability to attacks.
The broadcaster noted that it wasn’t able to air several programs on the day of the attack as well as during the weekend.
The nature of the attack and the fact that the victim was a broadcasting corporation makes it feel like a nation-state attack.
So, shortly after the attack, the company started an investigation to find out whether the threat actors are linked to foreign governments.
The Australian government has intensified efforts to fight cyberattacks on organizations and government entities in the country. Assistant Defense Minister, Andrew Hastie, stated that the attack on Australian organizations is a reminder that Australians cannot be relaxed about their cybersecurity.
In response to the attacks, the Australian Criminal Intelligence Commission and the Australian Federal Police are set to receive powers to seize online dark web accounts of terrorists and criminals. The law, which was passed in August, will empower the two bodies to hack into the criminals’ networks.
Although human rights groups kicked against the law and called for judicial oversight, the law was still passed less than 24 hours after it was debated by the Australian Parliament.
Information Commissioner Slams Clearview AI For Privacy Breach
In another development, the Office of the Australian Information Commissioner (OAIC), has discovered that Clearview AI breached Australia’s privacy laws on several occasions. The commissioner, after uncovering the company’s intrusive practices, stated that the number of Australians who have had their biometric details scraped by the firm was still unknown. It stated that an investigation is still in process regarding the extent of the violation.
The Commissioner’s earlier investigation revealed that the firm’s facial recognition instrument collected sensitive information from several Australians without seeking their consent.
However, an investigation carried out by the UK Information Commission’s Office (ICO) and OAIC discovered that the company scrapped biometric information from websites from at least 3 billion people, including Australians.
The Commission revealed that some policy agency users, who are Australian residents, searched and saw images of themselves in the Clearview AI’s database.
Angelene Falik, Australia’s Information Commissioner, after considering these factors, accused Clearview AI of collecting users’ information through unfair means and without seeking consent from them. She added that although the details copied were already available online, it still breaches the privacy rights of the affected users as they were not informed.