The private email accounts of thousands of Australian government officials, Australian Federal Police, judges and members of Parliament have been exposed in a massive data breach at Yahoo.
The hack, which is thought to be the biggest in the world, impacted one billion accounts. The ABC reports that the private data of 3, 400 high profile Australians has been affected. Those affected include Social Services Minister Christian Porter, Shadow Treasurer Chris Bowen, Victorian Premier Daniel Andrews, Liberal MP Andrew Hastie, Opposition Health Spokesperson Catherine King, and Liberal Senator Cory Bernardi.
Data provided by the Arizona cyber security agency InfoArmor, which alerted the Department of Defence to the leak last October, revealed that the log-in details for private Yahoo accounts that were linked to Australian government email accounts. Over 3, 000 government accounts were used as backup email accounts in case of password recovery.
The hack, which was reported by Yahoo in 2013, impacted one billion accounts. The stolen information doesn’t derive solely from Yahoo’s email service, but also includes Yahoo-affiliated services such as Tumblr and Flickr. Private information such as email addresses, passwords, security questions and phone numbers were all included in the breach. This information was then allegedly sold to cyber criminals or foreign intelligence organisations for $400, 000 per piece.
Although Yahoo has asserted that the culprit of the hack was “state-sponsored”, security experts have expressed doubts about this claim. Some experts have suggested Yahoo is trying to protect it’s image by claiming a state hack, rather than a unprecedented data hack by a small group. InfoArmor, which is utilised by law enforcement agencies to investigate data theft, asserted that the data was stolen form Yahoo in 2013 by an Eastern European hacker agency. The protracted lapse between the actual hack and Yahoo’s acknowledgement of the hack means that hackers (and buyers of hacked information) have had years to exploit the information.
This unparalleled breach is especially significant following the US election, which illustrated the power that leaked emails can have in influencing politics, and exposing private communications to public scrutiny.