Authorities are investigating a “concerning” data leak that has resulted in the public release of dozens of high-profile phone numbers, including Prime Minister Anthony Albanese and Opposition leader Sussan Ley.
The information was allegedly obtained by a third-party data site using artificial intelligence to scrape sites, including social media profiles, for user details. It is then collated to create a digital phonebook.
Acting Prime Minister Richard Marles said the government was aware of the breach.
“We’ve notified authorities, and that is being worked through. But obviously, there is concern,” he told reporters on Tuesday morning.
The breach, initially reported by the Australian website Ette Media, allegedly involved the unauthorized acquisition of personal details belonging to leaders of both major political parties, along with Marles and former Prime Minister Scott Morrison. The sensitive information was reportedly “scraped” from professional networking sites, including LinkedIn.
Initial reporting by Australian website Ette Media claimed both major party leaders’ details, as well as those of Marles and former prime minister Scott Morrison, were “scraped” by the US-based site from professional networking platforms including LinkedIn.
It prompted Ley’s office to request that LinkedIn “remove the information” from the Opposition leader’s profile.
“This is obviously concerning, and we have reached out to LinkedIn to understand what occurred here. We are waiting for their response,” an Opposition spokesperson said.
As the investigation unfolds, the incident raises significant questions about the online security of public figures and the efficacy of privacy measures on digital platforms. The situation remains under close scrutiny as authorities work to resolve the breach and prevent future occurrences.
“In addition to the technology and teams we’ve long had in place to stop unauthorised data scraping, we continue to invest in new defences and take legal action when necessary, to detect and prevent our members’ information being used without their consent,” a LinkedIn spokesperson said in a statement.
The security breach follows new data from the Australian Signals Directorate (ASD), which shows 42 per cent of cyber incidents last year were the result of stolen credentials.
The agency responsible for detecting and disrupting malicious cyber threats released its annual report on Tuesday, revealing a rise of 11 per cent in cyber incidents.
ASD director-general Abigail Bradshaw said the way cyber criminals and state actors are gaining access to organisations, critical infrastructure, and businesses is changing.
“Networks are increasingly not being hacked, but are being breached through compromised or stolen credentials to gain unauthorised access,” she said.
In almost half of the incidents impacting large organisations, access was gained using real usernames and passwords, often stolen or bought by cyber criminals on the dark web.
Given that the access is genuine, instead of a hack, it is harder to track.
ASD urged Australians to opt out of using passwords and replace them with multi-factor authentication, among a series of other measures, to keep their families’ data safe.
