The Conversation
Unijobs.com.au website hacked, more than 600 passwords exposed

Because many people use the same password on multiple sites, hacks that expose login details can create new risks. Flickr/Davide Restivo

Hackers have infiltrated popular job-search website unijobs.com.au and posted the login details and passwords of over 600 users onto the public website Pastebin.

Exposing login details is dangerous because many people use the same password for multiple sites. For example, details leaked in the unijobs.com.au hack could be used to access someone’s PayPal account if the user has the same login and password for both sites.

Unijobs.com.au’s IT manager, Shammika Munugoda, said that no credit card details were exposed by the hack and that his team was working to fix the problem.

“We are trying to change all the passwords at the moment,” he said.

“We are trying to find where the problem is. We don’t have any credit card details, all we have are email addresses and what sorts of jobs they want to receive.”

A group known as BlackHatGhosts claimed responsibility for the hack on their Twitter feed.

“Btw, who said that we were the ones who "hacked" into unijobs? :P #SmartThinking,” the group said on Twitter.

That message was followed by a tweet that said: “#LOL Just kidding, yes we did indeed gain access to their database. #Sowwy.”

Hacker news website Cyber War News reported earlier this month that a member of BlackHatGhosts, 21-year-old Daniel Stevens, was recently arrested for hacking.

Associate Professor David Glance, director of the University of Western Australia’s Centre for Software Practice, said the unijobs.com.au hack underlined the need for people to use separate passwords for different sites.

“This highlights how common it is and that the software industry, as a whole, needs to start rethinking how they do these commerce sites,” he said, adding that one should not make any assumptions about the level of security on any given website.

“Many people assume that because we are in Australia no one will bother but we are a globally connected world now.”

He said BlackHatGhosts probably hacked the site just for fun.

“One way of looking at it is they are doing everyone a service by exposing the site’s security shortcomings,” he said.

“It’s the sites you don’t get told about, where the information is sold on the black market, that are the issue.”

Comments (2)

  1. Jarrod Kanizay

    CEO (logged in via email @kanizay.com)

    UniJobs did not get hacked into. This was a hoax. We also encrypt passwords, but at the time of this article being written, UniJobs never asked for its subscribers to create passwords. That's right, there were no passwords to indeed be got. What a furphy!

  2. Joel Courtney

    Technologist (logged in via email @gmail.com)

    The more concerning aspect is that the database held the passwords in a readable format - without hashing and without unique salts. Unless I'm reading this incorrectly? (Though I'm unlikely to get comment on this from the site's owners, no?)