A private company who provides various services for Australian based company’s has been hacked and had a dumped of user account details leaked. The company is Access Group Solutions (https://www.accessgroupsolutions.com.au) and they specialize in facility management, security services, clean, property maintenance and more. The attack comes from Australian hacker #DoktorBass and was posted to pastebin. The leak it self contains minor database information and a few tables of user accounts which all have emails and sadly clear text passwords. Interestingly the websites privacy policy states that they take every step to secure the users data that is stored within its website, clearly this is not the case.
Security We use a number of mechanisms to protect the security and integrity of personal data. Unfortunately, no data transmission over the Internet can be guaranteed as completely secure. So while we strive to protect such information, we cannot ensure or warrant the security of any information transmitted to us and individuals do so at their own risk. Once any personal data comes into our possession, we will take reasonable steps to protect that information from misuse and loss and from unauthorised access, modification or disclosure.
So once again we are seeing yet another company who provides security as a service that is insecure itself, although this security service is based offline it really rasies many other questions. https://ozdc.net/archives.php?aid=2901 https://pastebin.com/ZLXznckD