Skip to main content
Hacking data

773M accounts affected by 'Collection #1' breach

Jan 18, 2019 - The Australian Cyber Security Centre (ACSC) is aware of a significant data breach affecting 773 million email addresses and usernames. Titled 'Collection #1', the data breach was made public by Australian cyber security expert Troy Hunt, who identified that a large number of credential lists had been distributed on a known hacking forum.

Investigations continue into Facebook security issue

Oct 15, 2018 - We recently reported a security issue affecting an estimated 50M Facebook user accounts, between July 2017 and September 2018. Over the weekend, Facebook issued an update reporting that fewer people were impacted by the theft of access tokens than originally thought. 'Of the 50 million people whose access tokens we believed were affected, about 30 million actually had their tokens stolen' Facebook reported.
Digital trade

Malicious insiders

Aug 13, 2018 - The Australian Cyber Security Centre provides you with up-to-date advice on current threats and vulnerabilities, as well as guidance on mitigation and cyber security best practice.
Automated alerts

Business email compromise

Jul 1, 2018 - Business email compromise (BEC) is an online scam where a cybercriminal impersonates a business representative to trick you, an employee, customer or vendor into transferring money or sensitive information to the scammer. To begin, a cybercriminal impersonates a trusted person using an email address that appears to be legitimate (this is known as "masquerading"). To do this, they may use a username that is almost identical to the trusted person's name, or a domain that is almost identical to the name of the trusted person's company. Alternatively, they could replace the "from…

2018 - Launching into action

Jul 1, 2018 - Working from new purpose-built headquarters after its official launch in August, the ACSC and its network of Joint Cyber Security Centres (JCSCs) across the country are building on decades of quiet success by Australian agencies. The ACSC, part of the Australian Signals Directorate (ASD), demonstrates the Australian Government's commitment to cyber security in a world where new threats are always emerging.
Data protection

PageUp data incident

Jun 18, 2018 - On Friday 1 June 2018 PageUp Limited, an online recruitment services organisation, notified their customers about a data incident in relation to the integrity of their systems proactively informing of a possible breach. PageUp self-identified suspicious activity on its network and undertook immediate actions to investigate and contain the incident. PageUp notified their corporate customers and the Australian Cyber Security Centre (ACSC) of the issue, enabling the ACSC to quickly assess the incident and support PageUp in their response. In line with the new Notifiable Data…
Petya ransom message

Update on the initial infection vector of the Petya ransomware campaign

Jun 29, 2017 - From reports and analysis performed to date, this version of the ransomware appears to have been delivered via a malicious software update for My Electronic Document (M.E.Doc), which is accounting software used by Ukrainian-based companies. It appears that almost all affected organisations can be linked back to Ukraine either through direct or indirect connections. While only a relatively small number of organisations have been impacted globally, for those affected the impact has been severe.