Alert Service Compromised to Send Out Spam Message
An unknown individual compromised an alert service and abused their access to send out a spam message to some of the service’s customers.
The Queenland Early Warning Network (EWN) alert service disclosed first in a Facebook post and later on its website that the compromise took place near the beginning of the year:
At around 930pm EDT 5th January, the EWN Alerting system was illegally accessed with a nuisance message sent to a part of EWNs database. This was sent out via email, text message and landline. EWN staff at the time were able to quickly identify the attack and shut off the system limiting the number of messages sent out. Unfortunately, a small proportion of our database received this alert.
The service responded by launching an investigation into the incident. This effort revealed that the individual responsible used stolen credentials to gain access to the service and send out the spam message. This nuisance alert included a link that wasn’t harmful to customers who received it.
Kerry Plowright, managing director of EWN, told ABC News that the breach likely originated in Australia:
This event did not compromise anybody’s personal information. The actual data held in our system is just ‘white pages’-type data, we deliberately don’t hold any other personal information.
At this time, the EWN’s systems are online and providing ongoing alerts for severe weather and natural hazard events. The service also said that its investigation into the incident is ongoing with the help of Police and the Australian Cyber Security Centre.
This isn’t the first time that an emergency alert service has suffered a security incident. In March 2018, city officials confirmed they detected what they called a “limited breach” on a system that supports Baltimore’s 911 emergency services. According to Baltimore Police Commissioner Darryl De Sousa, the (Read more...)
*** This is a Security Bloggers Network syndicated blog from The State of Security authored by David Bisson. Read the original post at: https://www.tripwire.com/state-of-security/security-data-protection/alert-service-compromised-to-send-out-spam-message/