Australian government officials – including cabinet and shadow-cabinet ministers, state premiers and Department of Defence employees, as well as judges and high ranking AFP officers – are reportedly among the victims of the 2013 Yahoo hack, newly released datasets reveal.
A dataset provided by US security company InfoArmor reveal more than 3,000 log-in credentials for private Yahoo services linked to Australian Government email accounts, the ABC reports.
Social Services Minister Christian Porter, Liberal MP Andrew Hastie, Victorian Premier Daniel Andrews Shadow Treasurer Chris Bowen, opposition health spokesperson Catherine King and Liberal senator Cory Bernardi were among those identified in the dataset, the national broadcaster confirmed.
AFP officers, judges, magistrates and an employee of the Australian Privacy Commissioner were also said to have been compromised.
Yahoo launched an investigation into a possible breach August last year after someone offered to sell a data dump of over 200 million Yahoo accounts on an underground market, including usernames, easy-to-crack password hashes, dates of birth and backup email addresses.
The ABC was able to identify officials in the dataset because they had used their government emails as backups if they forgot their passwords, it said. The compromised accounts don't all relate to Yahoo's email service, but also affiliated web services such as Tumblr and Flickr.
InfoArmor alerted the Department of Defence of the breach in October, via an intermediary from NSW Police, and notified its own affected employees of the breach. It has not been confirmed whether employees of other agencies have been notified by their departments.
The chief intelligence officer of Arizona-based InfoArmor, Andrew Komarov said the breach “opens the door to significant opportunities for cyber espionage and targeted attacks to occur”.
World's biggest breach
In December, Yahoo confirmed that data associated with more than 1 billion user accounts was stolen in August 2013, the biggest hack the world has seen so far. The announcement came after a similar admission in September, when the company said a breach involving at least 500 million users had occurred in late 2014.
The breaches shook public confidence in the company and threatened to derail its sale to Verizon. In October, the New York Post reported that Verizon wanted a $1 billion discount on its original $4.8 billion asking price.
Yahoo CEO Marissa Mayer will resign from the company’s board of directors after the sale to Verizon is completed when the company will change its name to Altaba Inc.
Join the CIO Australia group on LinkedIn. The group is open to CIOs, IT Directors, COOs, CTOs and senior IT managers.