AusCERT says alleged DoE hack came from a third-party
Red Background with Binary Code Numbers. Data Breach Concept
The Australian Computer Emergency Response Team (AusCERT) denied claims today that hackers had breached the Department of Education, Skills, and Employment (DoE), and downloaded the personal details of more than one million students, teachers, and staff.
Rumors of a supposed hack first surfaced yesterday after a hacker shared an archive file on a hacker forum, which they initially advertised as data obtained from the Australian DoE.
According to a screenshot of a now-deleted forum post, the hacker claimed the data contained more than one million records for Australian students, teachers, and DoE staff, that they obtained back in 2019.
Actor hacked and dumped the Australian department of education's database containing 1,000,000 records of students, teachers, and staff.
— Alon Gal (Under the Breach) (@UnderTheBreach) September 1, 2020
The leak contains information such as emails, names, and hashed passwords. pic.twitter.com/MmewoWPuWE
However, AusCERT says that such a hack never took place.
In a statement posted on its website, AusCERT said that after analyzing the data with cyber-security firm Cosive, it determined that the leaked data originated from K7Maths, an online service providing school e-learning solutions.
"It's likely that the data came from an exposed Elasticsearch instance," AusCERT said, also adding that this was not a new leak, and had been previously shared online already, back in March 2020.
Per AusCERT, the leaked data contained details such as first names, emails, password strings, and K7Maths site settings.
"There are no plaintext passwords exposed, just bcrypt hashes, although they can be cracked with enough effort," AusCERT said.
The non-profit organization, which provides cyber-security alerting services for the Australian public and private sector, said that only the email addresses and country of origin fields in the leaked data count as "personal information," and the leak is not severe enough to trigger a need to notify victims via a data breach.
AusCERT is now urging Australian schools to check if their staff are using the K7Maths service for their daily activities, and take appropriate measures, such as resetting the teacher and students' password, in case they had re-used passwords across other internal applications.
Furthermore, AusCERT says that staff accounts should also be monitored for suspicious logins, just in case an account is compromised and used to access school resources.
K7Maths could not be immediately reached for comment. ZDNet will update this article with a statement from the company if it wishes to issue one.