Access to more than 3600 MyGov accounts is being sold on the dark web, potentially exposing thousands of Australians to fraud and identity theft.
MyGov accounts are part of a list of more than 150.000 ".com.au" breached links available for sale on the dark web, where logins sell for a few minutes to several hundred dollars.
MyGov, released in 2013, serves as a gateway to a number of sensitive government servicessuch as the tax office, Centrelink, Medicare, the National Disability Insurance System and My Health Records.
"Each subscription service has its own scam capabilities," said Hank Jongen, director general of the Australian Service. services they had to be linked to a person's MyGov account to be accessible.
Mr Jongen said that while he would not comment on "specific companies in cyberspace", "Services Australia" was provided with information showing the ongoing activity on the dark web ”.
The breached accounts were located by the Israeli intelligence company KELA, which specializes in dark web threat intelligence.
KELA chief information officer Elad Ezrahi said MyGov accounts had been hacked by more than 2000 computers that had been hacked or "bots".
"The threatening factors behind these platforms are likely to gain this data either by running their own infrastructure. botnet "Or buying stolen credentials from other agents," said Ezrahi.
The data can be used by an intruder for various malicious activities, depending on the motives of the intruders.
"For example, an intruder who buys a bot with infringed accounts on the portal my.gov.au can use the victim's data to steal identities and perform various fraudulent activities."
Mr Jongen said if people suspected that their MyGov accounts had been compromised, they should contact Scams and Identity Theft Helpdesk.
"This team can quickly recalculate an account and disconnect member services to prevent further access," he said.
The logins seen by The Australian Financial Review include banks, government agencies, stores telecommunications and e-commerce. The most recent data was from the end of May 2020. For legal reasons no data were purchased to confirm authenticity.
His pandemic COVID-19 has proved beneficial to them hackers as millions of employees work remotely, with information company Cybel reporting that more than 500.000 Zoom accounts are available for sale online.
The average prices for a range of products for sale on the dark web are: fake passports ($ 1500), driver's licenses ($ 550), credit cards ($ 35) and email ($ 55).
Australia's Australian Cyber Security Center issued a warning in November stating an increase in usage malware associated with botnet.