Share this article on:
Hackers have targeted the Australian office of the Interactive Advertising Bureau (IAB), posting thousands of customer details for sale to a clear web hacking forum.
A regular user who goes by the online moniker Frog shared the data on 14 August, claiming to have 4,400 lines of data in .csv format.
The data includes usernames and emails, as well as display names, log in details, session tokens, and hashed passwords. The passwords, however, appear to be hashed using the MD5 algorithm and are therefore highly difficult – if not outright impossible – to decrypt.
The apparent hacker also posted a sample of the data, and while it does seem to be legitimate, many of the email addresses are now out of date, suggesting this is not a recent dataset.
After reaching out to the IAB for comment, chief executive Gai Le Roy told Cyber Security Connect it is aware of the incident and is investigating the circumstances.
“It has come to our attention there has been a limited breach of our email database, resulting in a small number of email addresses, but no other sensitive or identifying information being accessed,” Le Roy told Cyber Security Connect via email. “We are currently investigating how this has occurred and immediately reviewing security processes.”
“We will follow the correct procedures in terms of notification and reporting.”
Frog has been active on the forums since they joined the site in April. Since then, they have posted a number of datasets from organisations worldwide.
David Hollingworth has been writing about technology for over 20 years, and has worked for a range of print and online titles in his career. He is enjoying getting to grips with cyber security, especially when it lets him talk about Lego.