Thousands of Australian shoppers have fallen victim to a major online hacking scam, affecting major brands.
Anthony Albanese has vowed to look at any measures possible to protect businesses from scams after thousands of online shoppers had their credit card details stolen by hackers in a major coordinated attack.
Large businesses including Dan Murphy’s, Event Cinemas and Guzman Y Gomez were targeted by cybercriminals who fraudulently accessed the online accounts of thousands of customers in the past months.
Scammers who purchased the stolen login details from overseas cyber-criminals then racked up thousands in online purchases.
Impacted customers had either saved their credit card details on company websites or have gift cards or store credit for online purchases.
The Prime Minister said cyber crime was a “huge issue” and represented a genuine threat to Australia and its economic security.
“This is a scourge and there are so many vulnerable people being ripped off who’ve acted in absolutely good faith and we need to make sure they are protected,” Mr Albanese said on Wednesday.
It comes as it was revealed in the Nine Newspapers that the cybercriminals took to online chat rooms to brag about buying iPhones, clothing and almost $800 of alcohol using unsuspecting Australian’s money.
Dan Murphy’s, Event Cinemas and Guzman Y Gomez have been contacted for comment.
While streaming service Binge was originally named, it has confirmed that its “customers remain unaffected by credit card scams including the one reported by Kasada and no credit card details have been compromised”.
“Credit card details are managed off-platform as part of the comprehensive cyber security systems we have in place,” a spokeswoman said.
“Our customer accounts are monitored 24/7 for cyber activity that may compromise accounts and we have advanced systems in place to block, re-set customer accounts, and notify affected customers, ensuring minimal risk.”
Major online retailer The Iconic was also hit by the scheme, known as ‘credential stuffing’, and vowed earlier this week to refund customers whose accounts were used to place fraudland orders.
Credential stuffing refers to when hackers use previously stolen passwords from one website and try to reuse them elsewhere.
Guzman Y Gomez is a business which was hacked. Picture: Kevin Farmer
Australia’s Cyber Security Centre received over 94,000 reports of cybercrime over the past financial year, an increase of 23 per cent from 2021-22.
The Albanese government admitted it fell victim to the nation’s largest ever government data breach on Monday after a hack allegedly carried out Russian-linked cybercriminals stole sensitive data from dozens of departments late last year.
Mr Albanese flagged a series of forums held by the Assistant Treasurer Stephen Jones who is investigating further measures to protect Australia from the growing threat of cyber attacks.
“We’ll look at any measures that are possible in order to protect consumers because that’s our priority,” he said.
Dan Murphy’s was also hit by the attack.
Monash University cyber security professor Nigel Phair said the best thing customers can to do protect themselves is to check their accounts for unusual activity and avoid reusing passwords across multiple websites.
“The issue is we’ve had all these data breaches over the last 18 months and dare I say there will be more coming into the future, and because of that, the criminals buy the details that are for sale on the dark web and replay them into all these different logins,” he said.
“The reason they are successful is because we reuse the same password over and over again in multiple online locations.”
Leave a Reply