Driving license of more than 54,000 Australians leaked due to a misconfigured Amazon S3 bucket; being sold on dark web hacker forums
If you are an Australian and living somewhere in New South Wales, your driving license is being traded on the dark web hacker forums for a price. According to Ukrainian security researcher, Bob Diachenko, a database containing the driving licenses of nearly 54,000 Australians is being sold on the dark web hacker forums to the highest bidders.
Diachenko got hold the database for analysis after it appeared on the dark web market place. He found that the database is mostly in the form of PDF and JPG file formats with over 109,000 images. The images contain the front and back page of driving licenses of nearly 54,000 individuals, all based in New South Wales, Australia. The database also contains toll gate receipts and other challans.
The database is from the New South Wales transport department and was leaked due to a misconfigured Amazon S3 storage bucket according to Diachenko. “The front and back of the licenses were available for access from a misconfigured Amazon S3 storage bucket and some data containing information related to Roads and Maritime Services Toll Notices were also procured”, says Diachenko.
The leak happened from the New South Wales Transport Department and could easily be the biggest data breach to hit the city of New South Wales. The leaked DL images and PDFs include the name, physical address, emails, date of birth, contact phone numbers, etc. The leaked DLs could be used for various purposes like skimming, scamming, or opening new bank accounts/taking loans/applying for new credit cards. The biggest danger is that they could be used for identity theft.
NSW Transport department issued a statement early today that they do not keep any toll data on their servers. They added that they are coordinating closely with Australian law enforcement agencies to investigate the data breach.