Cybercriminals hacked EWN’s systems and sent spam alerts to thousands of people across Australia

• Attackers hacked EWN’s systems, gained credentials to log in, and sent out spam-notification alerts to its customers across Australia.
• The hackers gained unauthorized access to EWN’s system and sent messages via text, email, and landline.

The Early Warning Network (EWN) which sends out emergency weather warnings Australia-wide, was hacked by cybercriminals on January 5, 2019. The attackers hacked EWN’s systems, gained credentials to log in, and sent out spam-notification alerts to its customers. The spam notification messages were sent via text, email, and landline calls to thousands of people across Australia.

What happened?

“EWN has been hacked. Your personal data is not safe. Trying to fix the security issues,” The spam message read, reported by ABC.

The message also included a link to a support email address and a website. “Email support[at]ewn[.]com[.]au if you wish to unsubscribe. ewn[.]com[.]au ASX AER,” the alert message added.

Upon learning about the incident, the company confirmed the incident on its website stating, “The unauthorized alert sent on Saturday night was undertaken by an unauthorized person using illicitly gained credentials to log in and post a nuisance spam-notification to some of our customers.

“At around 9:30 PM [A]EDT 5th January, the EWN Alerting system was illegally accessed with a nuisance message sent to a part of EWN's database,” EWN posted on its Facebook page.

The company also posted on Facebook that the message was sent via email, text message, and landline. “EWN staff at the time were able to quickly identify the attack and shut off the system limiting the number of messages sent out. Unfortunately, a small proportion of our database received this alert,” the Facebook post read.

What was compromised?

Kerry Plowright, MD at EWN said, “the breach is believed to have come from within Australia and involved compromised login details”.

“This event did not compromise anybody's personal information. The actual data held in our system is just 'white pages'-type data, we deliberately don't hold any other personal information,” Plowright said.

Plowright also said that the link that was included in the message is non-malicious and customers’ personal information was not compromised in this incident. He further confirmed that the affected clients included local, state, and federal government agencies.

What actions were taken?

• EWN requested its customers to not click the links and to delete the message.
• The company is working closely with the Police department and the Australian Cyber Security Centre to investigate the incident and to prevent such incidents from happening in the future.

Moreover, EWN said that its systems were quickly back up and running, providing ongoing alerts for severe weather and natural hazard events.