Mystery Victim

Australian Hosting provider hacked 03 Mar 2024

blackbasta has hacked 12 Australian companies that (presumably) share the same Hosted Virtual Desktop (HVD) provider.

The blackbasta site shows dozens of Australian photo IDs from one or more of the hosted businesses, as well as the folder structures for the others.

This is the full list of businesses identified:

Active Sites

  • opt.net.au
  • wilsonfabrics.com
  • knoxbridge.com.au
  • novaemployment.com.au
  • xenit.com.au
  • advancedcs.com.au
  • localbar.com.au
  • therose.pub
  • primrose.co.uk

Inactive sites

  • australiantextiles.com.au
  • ausweave.com.au
  • bartgroup.com.au
  • bruck.com.au

blackbasta doesn't list the name of the HVD provider.

Impact

There are two layers of impact in this breach.

The HVD customers

These businesses have had what look like their file servers breached. The documents range from legals, budgets and staff details through to ATO submissions. Being small businesses, this will be very difficult for them to mitigate.

The HVD customers' customers

This one is going to impact customers pretty hard: the leaked data includes a lot of photo IDs, ranging from drivers' licences to passports.

It's not clear which of the hosted companies held the PII data.

Details

This is ongoing and not a lot of details are known.

Communication

No communications from listed victims.

Opinion

Don't store customer identification!

For fuck’s sake, don’t store your customers’ photo ID.

Regardless of the managed services company involved or how this happened, there is one thing that should be patently obvious.

If your business stores or thinks it needs to store photo ID, then you have a fundamental business problem. You won’t have the skills to implement secure storage, you won’t have the budget to get it done, and you won’t have the required practices even if you did.

Securing digital assets like a photo of a Passport is really hard. Even experienced and well-funded companies fuck this up regularly.

If you find your organisation must obtain verified identification, use an identity verification service such as https://gbg-greenid.com (no affiliation).

Media Links

Official Statements

None provided