An attack on the Australian Defence Force Academy servers held at the University of New South Wales (UNSW) resulted in the loss of 20,000 user records.
According to a report in the Sydney Morning Herald the hacker, known as Darwinare, managed to break in and steal the records, including passwords and email addresses in a short space of time. He told the newspaper he was bemused by the lack of security. “I was very surprised I didn't get kicked out. So simple, it took like three minutes.'' he said.
The university said almost all of the stolen passwords were historical and could not have been used to access emails or other personal information and that it took “immediate action to mitigate the impact of this event''.
However, it warned that users may receive targeted spam or phishing attacks and that the names may be used to attempt identity theft. In the UK, the same hacker is alleged to have stolen over 600 users details from Amazon UK.