Yahoo Data Breach ‘Affects 3,000 Australian Government Figures’


Australian media have identified government officials, MPs, judges and high-ranking federal police amongst those affected

More than 3,000 accounts involved in the record-breaking Yahoo breach disclosed last month were linked to Australian government officials, including MPs, judges and federal police, according to an analysis by the Australian Broadcasting Corporation (ABC).

The news has prompted Australian prime minister Malcolm Turnbull to say he would launch a probe into the matter.

The hack is thought to have affected roughly one billion accounts, making it the largest known breach to date, and was carried out in August 2013, but only disclosed to the public in December of last year after the dataset was offered for sale online.


High-profile figures affected

The ABC said it analysed the dataset and identified accounts linked to Australia’s social services minister Christian Porter, shadow treasurer Chris Bowen, Liberal senator Cory Bernardi, Victoria premier Daniel Andrews and Liberal MP Andrew Hastie, as well as judges, high-ranking federal police officers, AusTrac money laundering analysts and political advisers.

The affected accounts included Yahoo email addresses as well as Yahoo-owned platforms such as Tumblr and Flickr, the ABC said. The breach disclosed names, addresses, passwords and telephone numbers associated with the accounts.

Turnbull acknowledged that vulnerability to such breaches “is a very real issue” but said classified government information would not have been transmitted over such accounts.

He said he would instruct cyber-security special adviser Alastair MacGibbon to investigate how the breach had come to affect government officials.

MacGibbon said the scope of the breach was far-reaching and acknowledged hackers could have accessed accounts elsewhere if passwords were reused. The information acquired as a result of the hack could be used for blackmail, computer security experts have said.

But MacGibbon added it wasn’t clear how active the hacked accounts were.

Inactive accounts

The office of social services minister Christian Porter told the Sydney Morning Herald that the minister had never knowingly used a Yahoo account, but that one may have been created by a staff member when Porter was a state MP in Western Australia.

Liberal MP Andrew Hastie said he could not recall having operated a Yahoo account, and shadow treasurer Chris Bowen said he had not used such an account in 10 years.

Yahoo has blamed the incident on an unnamed government, but InfoArmor, which initially discovered the database for sale in August of last year, said the hack was carried out for profit by an organisation it called Group E.

InfoArmor notified Yahoo, law enforcement agencies and government bodies, including those in Australia, during the period after its discovery and before Yahoo’s public disclosure in December.

The group behind the hack is also thought to have carried out other large breaches affecting LinkedIn, Myspace, Dropbox and Tumblr, which were also exploited for several years before being offered for sale online.
