Customer details of Queensland printing firm posted on hacking forum | #hacking | #cybersecurity | #infosec | #comptia | #pentest | #hacker

Customer details of Queensland printing firm posted on hacking forum

Emails and cracked passwords are included in the dump, including at least addresses.

The details were posted for sale on a popular clear web forum on 11 October, after they had apparently been obtained the week before.

“Australian retailer database dumped by me one week ago,” the poster wrote. “2,059 customer information including email, name, phone, address and password hash.”

1300epromo is a Queensland-based promotional company specialising in branded merchandise and uniforms.

The more than 2,000 lines of data appear to be customer details and include both commercial and government email details. Also included are login IDs for each customer, alongside business addresses and phone numbers.

“Many of the emails are domain mails for other companies in Australia, including mails, company mails and custom Outlook mails for companies, AU government and universities,” according to the post.

More alarmingly, while the included passwords are all hashed, the poster claims to have cracked nearly half of them.

“I cracked over 1,000 of the passwords and included them in an email:pass formatted .txt file,” the poster said.

Also included is a sample selection of the data, which does, in fact, include at least one email address belonging to the Museum of Tropical Queensland. The sample data is predictably broad, including beauty companies, property firms, insurance companies, and at least one charity.

“I checked some email:pass combos manually, and about 50 per cent were valid on Outlook, Gmail or other domains (Outlook & Gmail protected by 2FA though),” the poster said. “Did not check with a checker; maybe you’ll get some good use/access from it. Enjoy!”

Cyber Daily has been in contact with 1300epromo, but the company has so far declined to comment.


Click Here For The Original Story From This Source.

National Cyber Security