Hackers have broken into a website of the Australian Institute of Business Brokers and published 260 user login credentials on the internet.
The institute, the peak industry body that represents professional business brokers, was unaware of the hack which happened late yesterday.
National President Paul Nielson said the members login area did not include financial data.
CRN sister site SC has verified the identity of a random sample of brokers contained in the list. Ten of the 14 executive members had their logins published including Nielson.
The hashed passwords appeared to be encrypted with MD5 which can be easily cracked.
The institute is investigating the breach. It owned three websites and it was unclear at the time of writing which site was hacked.
The hacker ignit3 from the nullcrew hacking group claimed credit for the breach which appeared to be made in reference to the #opAustralia campaign that targets the Federal Government’s draft data retention scheme.
Under that operation, an AAPT server held by Melbourne IT was hacked and a claimed 40Gb of data stolen.
Copyright © SC Magazine, Australia
Issue: 347 | March 2016