As the first week of the year comes to an end, thousands of Australians have received the news nobody wants to hear: that their personal data has been breached by hackers. The two companies impacted by the cyber-attacks are massive online retailer The Iconic, and the Melbourne travel agency Inspiring Vacations.
Having your personal information accessed by hackers is something nobody ever wants to go through. It happened to countless of Australian’s in 2022 with the Optus data breach and Medibank hack, and now it’s happened again; causing thousands of Aussie’s potential grief.
The Iconic’s account fraud
Various reports have appeared online of The Iconic’s customers claiming that they experienced fraudulent activity and log-in attempts, with purchases worth hundreds of dollars being made on some people’s accounts.
On Monday a Redditor shared the story of how their wife’s account was “fraudulently accessed” by an intruder who then spent $700 using the card attached to the account.
Urgent Call to The Iconic for Improved Account Safety Measures
byu/eliviking inaustralia
The unlucky user called for the online retailer to add two-factor authentication to their system in order to prevent this from happening further. They also stated that using the online platform was easier to get The Iconic’s attention as “contacting them is laughably convoluted and slow.”
One person told the ABC they’d discovered a hacker had spent $1500 at The Iconic using their card, while another said their card had been used to spend $703.95.
However in a statement made by The Iconic, the retailer asserted that these instances were NOT because it had been the victim of a mass data-breach.
“We have recently seen an increase in fraudulent account login attempts on The Iconic, which our security and fraud teams continue to actively manage, in conjunction with our security partners,” a spokesperson said.
“We are working with all customers to address these incidents, which are not a result of a data breach at The Iconic.”
On Tuesday, The Iconic sent a mass email out to all its customers communicating the importance of changing passwords regularly with “scam activity and online fraud on the rise in Australia and New Zealand”.
Thankfully, in a piece of good news for the victims, The Iconic stated that all customers affected by these fraudulent account purchases will receive full reimbursement from the company.
Inspiring Vacations data breach
Meanwhile, thousands of Victorian travellers have had their information leaked after travel agency Inspiring Vacations was hacked.
The agency disclosed that it was now investigating a breach that happened last November, which saw over 112,000 personal records from their database published.
This number does not mean that 112K customers were impacted, but that this number of pieces of data — such as passport photos, or plane tickets — have been shared online. The number of individuals impacted is estimated to be in the thousands.
The cybersecurity researcher tasked with investigating the breach, Jeremiah Fowler, told the SMH that the reason customer’s personal data was able to be viewed was due to a misconfiguration in Inspiring Vacations’ cloud storage that allowed public access — meaning that there was no password in the way to protect the customers’ details from prying eyes.
Fowler said hacks of this nature could lead to identity theft and extortion.
“Hypothetically, passport data could be used for identity theft, allowing criminals to open accounts, apply for credit cards, or conduct fraudulent activity in the victims’ names,” he said to the paper.
Exactly how long the database was open to hackers for is unknown. It has now been secured.
Australian law dictates companies must report cyber attacks to the Australian Cyber Security Centre.
Might be a good time to check that your online accounts are safe people! Always remember to change your passwords reguarly, and also ensure that you aren’t using ones that are incredibly easy for hackers to guess like 50% of Aussies.
I wanna see upper AND lower cases, no repeated numbers, and a butt-load of special characters. And if I even hear a whiff of one of you using “password” as your password, then you can expect to receive a very stern email soon — from your own account.
[Image source: The Iconic]
