2000 hacked SA drivers urged to change licence number

More than 2000 South Australian residents face having to change their driver’s licence number after their mySA GOV accounts were compromised by attackers using passwords stolen from the hack of an unrelated website.

South Australia’s Department of Infrastructure and Transport has blocked the passwords of 2601 mySA GOV accounts after they were compromised in the attack, the agency said in a statement.

The department has advised that while there is no evidence of any unauthorised transactions on any mySA GOV accounts, it has notified all affected customers of unauthorised access to their accounts.

Because their details may have been accessed, the department is encouraging all affected customers to change their driver’s licence number at a Service SA Centre, and to change their mySA GOV passwords.

The attack serves as an important reminder to never reuse a password, according to Knowbe4 Security Awareness Advocate Jaqueline Jayne.

“The passwords in this instance were obtained from an unrelated website that cybercriminals hacked. What they do from here is use an automated process to use the illegally obtained passwords along with already publically available UserIDs to try to log in into other websites,” she said.

“The concern is that 2008 of these [hacked] accounts contained registration and licensing information. This information can be used to steal identities, open bank accounts, apply for credit cards and cause disruption and stress to the victims.”

Jayne said it is essential that web users select a unique password for every account, and acquire a password manager to keep track of the myriad of passwords needed.

Auth0 GM for APAC Richard Marr said a recent survey by the company found that nine in 10 Australian consumers reuse passwords across more than one account.

“Australian consumers are frustrated with the standard password and username method of authentication. Consumers want to use digital services, but if the login process is clunky or frustrating, they will take their businesses elsewhere,” he said.

“Organisations are often apprehensive that cybersecurity will take away from user experience. With the complexity of today’s attacks, organisations need to find the right balance between ease and security, by making changes to the login process offering more secure and convenient alternatives to passwords. What makes things more difficult for hackers to access an account can sometimes make it harder for legitimate users to access their accounts, if not done correctly.”

Image credit: ©stock.adobe.com/au/jamdesign