Unijobs.com.au website hacked, more than 600 passwords exposed

Because many people use the same password on multiple sites, hacks that expose login details can create new risks. Flickr/Davide Restivo

Hackers have infiltrated popular job-search website unijobs.com.au and posted the login details and passwords of over 600 users onto the public website Pastebin.

Exposing login details is dangerous because many people use the same password for multiple sites. For example, details leaked in the unijobs.com.au hack could be used to access someone’s PayPal account if the user has the same login and password for both sites.

Unijobs.com.au’s IT manager, Shammika Munugoda, said that no credit card details were exposed by the hack and that his team was working to fix the problem.

“We are trying to change all the passwords at the moment,” he said.

“We are trying to find where the problem is. We don’t have any credit card details, all we have are email addresses and what sorts of jobs they want to receive.”

A group known as BlackHatGhosts claimed responsibility for the hack on their Twitter feed.

“Btw, who said that we were the ones who "hacked” into unijobs? :P #SmartThinking,“ the group said on Twitter.

That message was followed by a tweet that said: ”#LOL Just kidding, yes we did indeed gain access to their database. #Sowwy.“

Hacker news website Cyber War News reported earlier this month that a member of BlackHatGhosts, 21-year-old Daniel Stevens, was recently arrested for hacking.

Associate Professor David Glance, director of the University of Western Australia’s Centre for Software Practice, said the unijobs.com.au hack underlined the need for people to use separate passwords for different sites.

"This highlights how common it is and that the software industry, as a whole needs, to start rethinking how they do these commerce sites,” he said, adding that one should not make any assumptions about the level of security on any given website.

“Many people assume that because we are in Australia no one will bother but we are a globally connected world now.”

He said BlackHatGhosts probably hacked the site just for fun.

“One way of looking at it is they are doing everyone a service by exposing the site’s security shortcomings,” he said.

“It’s the sites you don’t get told about, where the information is sold on the blackmarket that are the issue.”