iscover
Share this article on:
Powered by
MOMENTUM
MEDIA
Emails and cracked passwords are included in the dump, including at least .gov.au addresses.
The details were posted for sale on a popular clear web forum on 11 October, after they had apparently been obtained the week before.
“Australian retailer 1300epromo.com.au database dumped by me one week ago,” the poster wrote. “2,059 customer information including email, name, phone, address and password hash.”
1300epromo is a Queensland-based promotional company specialising in branded merchandise and uniforms.
The more than 2,000 lines of data appear to be customer details and include both commercial and government email details. Also included are login IDs for each customer, alongside business addresses and phone numbers.
“Many of the emails are domain mails for other companies in Australia, including .gov.au mails, company mails and custom Outlook mails for companies, AU government and universities,” according to the post.
More alarmingly, while the included passwords are all hashed, the poster claims to have cracked nearly half of them.
“I cracked over 1,000 of the passwords and included them in an email:pass formatted .txt file,” the poster said.
Also included is a sample selection of the data, which does, in fact, include at least one qld.gov.au email address belonging to the Museum of Tropical Queensland. The sample data is predictably broad, including beauty companies, property firms, insurance companies, and at least one charity.
“I checked some email:pass combos manually, and about 50 per cent were valid on Outlook, Gmail or other domains (Outlook & Gmail protected by 2FA though),” the poster said. “Did not check with a checker; maybe you’ll get some good use/access from it. Enjoy!”
Cyber Daily has been in contact with 1300epromo, but the company has so far declined to comment.
David Hollingworth has been writing about technology for over 20 years, and has worked for a range of print and online titles in his career. He is enjoying getting to grips with cyber security, especially when it lets him talk about Lego.
Be the first to hear the latest developments in the cyber industry.
