Australian Red Cross Blood Service Breached And Over 550,000 Donors' Details Exposed


Hackers have breached Australia’s Red Cross Blood Service and leaked the personal data of more than 550,000 donors. The leaked details include the email addresses, gender, date of birth, phone number and blood donation date of the organisation’s donors between 2010 and 2016.

The hackers appear to have simply scanned Internet IP addresses to look for exposed web servers that returned directory listings. Showing a public listing of a server's files is a well-known risk, and there is rarely a valid justification for it. By making the backup convenient to access, the Australian Red Cross Blood Service essentially exposed its data to opportunistic hackers.

“This is literally as simple as going to an address such as http://127.0.0.1 and seeing a list of all the files on the system (sample address only). He’d then look to see if any of those files contained a .sql extension which would indicate a database backup… and that is all” according to a security expert – Troy Hunt. He added that this is the biggest data leak Australia has suffered.
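For site owners checking their own servers for the exposure described above, here is an added example (not from the original article or from Troy Hunt) that walks a local web document root and reports directories with no index file, which a server with directory listing enabled would return as a file listing, and files that look like database backups. The index file names, the extensions other than .sql, and the sample tree are assumptions constructed for illustration.

```python
import os
import tempfile

# Assumptions (not from the article): the index file names, and every
# suffix other than ".sql", which is the one the article mentions.
INDEX_NAMES = {"index.html", "index.htm", "index.php"}
BACKUP_SUFFIXES = (".sql", ".sql.gz", ".sql.zip", ".bak", ".dump")


def audit_webroot(root):
    """Walk a local document root and report two things:
    - directories with no index file (a server with auto-indexing enabled
      would return a file listing for these)
    - files whose name suggests a database backup
    Paths are returned relative to root, sorted."""
    listable, backups = [], []
    for dirpath, _dirnames, filenames in os.walk(root):
        rel_dir = os.path.relpath(dirpath, root)
        lowered = {name.lower() for name in filenames}
        if not lowered & INDEX_NAMES:
            listable.append(rel_dir)
        for name in filenames:
            if name.lower().endswith(BACKUP_SUFFIXES):
                backups.append(os.path.normpath(os.path.join(rel_dir, name)))
    return {"listable_dirs": sorted(listable), "backup_files": sorted(backups)}


def demo():
    """Build a constructed sample tree in a temp dir and audit it."""
    with tempfile.TemporaryDirectory() as root:
        layout = {
            "index.html": "<h1>home</h1>",
            "backup/donors_2016.SQL": "-- constructed sample dump",
            "backup/notes.txt": "constructed",
            "static/index.html": "",
        }
        for rel, body in layout.items():
            path = os.path.join(root, *rel.split("/"))
            os.makedirs(os.path.dirname(path), exist_ok=True)
            with open(path, "w") as fh:
                fh.write(body)
        return audit_webroot(root)


if __name__ == "__main__":
    report = demo()
    for key, paths in report.items():
        print(key, paths)
```

Any path reported under both headings is the combination the article describes: a backup sitting in a directory that the web server would list. Move such files out of the document root and turn off directory listing in the server configuration.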

Those affected have been sent a text message that reads: “The Blood Service has identified a potential data issue that may affect you” with a link to the blood service’s website for more information.


William Fieldhouse

I currently work full time as a penetration tester and have been involved within the IT security industry for over a decade. I also love to pioneer any forms of new technology and ideologies for future advancements. Feel free to contact me at [email protected]

