Cyber Incident Victim: Australia Post

Date: Dec 2020

Location: Australia

Summary

Visitors to the organization's website encountered an unauthorized offensive message stating "We’re smoking meth" in place of its usual news section, prompting social media attention. The compromised content was promptly removed after discovery, and the account responsible for posting it was disabled. An apology was issued, clarifying the message was not legitimate, though no official explanation confirmed whether the incident resulted from external compromise or internal misuse. While no data breaches or malicious code injections were confirmed, the event highlighted potential vulnerabilities in web content management systems that could expose users to risks if exploited further.

Description

On December 5, 2020, visitors to Australia Post's official website encountered an unauthorized message displayed in the "Latest news" section of its eParcel login page. The message stated "We’re smoking meth," replacing standard operational updates. Customers observed the anomalous content and shared screenshots through social media platforms, prompting public awareness of the incident. Australia Post became aware of the issue through these reports and subsequently removed the offensive message from its webpage. The organization did not initially provide technical details regarding the compromise but confirmed the message was unauthorized.

Australia Post issued a public apology stating, "We apologise to our customers for the unauthorised offensive post. The offending message has been removed and we have disabled the account that posted it." This response indicated the post was made from an account with posting privileges, though the exact vector (such as an RSS feed or content management system) remained unconfirmed. No evidence suggested broader system intrusions, credential theft, or data breaches affecting customer information. The incident primarily impacted brand reputation and user trust due to the public visibility of the defacement. While the organization mitigated the issue by removing the content and disabling the responsible account, the event highlighted potential risks associated with unauthorized content modifications, including the theoretical possibility of malicious code injection had attackers pursued further exploitation.