Hacker sent messages to thousands of Australians after compromising early warning system

Subscribers to Queensland Early Warning Network told: "Your personal data is not safe"

A hacker sent unauthorised warning messages to thousands of Australians over the weekend after compromising an official Early Warning Network.

The attacker compromised a login with illicitly gained credentials and used it to send out alerts warning subscribers about the system's security.

The messages were sent on Friday night via email, text and landline to subscribers of the network. They read: "EWN has been hacked. Your personal data is not safe. Trying to fix the security issues."

Aeeris, the company that operates the emergency alerting system, urged recipients of the false alerts to delete the messages and not click on the links provided in the messages.

The company claimed that it had detected the hacker's activity early and shut off the network straightaway. This limited the number of people who received the warning messages, it claimed, to only a small proportion of its subscribers. It added that no personal information of users was compromised as a result of the attack.

Neither the false alerts nor the links they provided were harmful to recipients.

According to Chris Cubbage, editor of the Australian Cyber Security Magazine, attacks of this nature are not new in Australia.

In July, an organisation issuing Aviation Security Identity Cards was hacked, raising concerns that airport security could be compromised by individuals bearing fake identity cards. A second breach happened in September when hackers accessed the database of the Perth Mint in Western Australia, compromising the personal information of 3,200 customers.

Many attacks could have been prevented if companies had implemented straightforward cyber security measures. It urged companies to install patches (along with backups) as a matter of priority, use multi-factor authentication and to restrict users' administrative privileges.