Realestate.com.au hit by cyber attack – what you can learn

Businesses should learn from the recent incident at Realestate.com.au in which a private database was stolen in a cyber attack, and work with their web developers to ensure their website is as strong as possible.

The incident, which is reportedly now being investigated by Victoria Police, occurred earlier this week. The site’s subscriber database was accessed illegally and was then used by a third party to send out emails requesting money for property inspections.

The site has confirmed an attack occurred earlier this week in which subscriber data was stolen and used by a third party.

“We cautioned our subscriber database earlier this week to be aware of any unwelcome eBrochures which they may have received,” Realestate.com.au sales and operations general manager Peter Wright told The Australian. “We ask consumers to ignore or delete the email.”

In an alert to subscribers, Wright said the eBrochure was a scam, but that no other lists have been affected and users should feel free to open official emails sent from the site.

“We have been informed of fraudulent activity using our electronic Brochure and Email Alert mailing list, where people are asked to send money to arrange an inspection on a featured property. If you have received these emails please do not respond as they are a scam.”

Anthony Edwards, technical support manager at TrendMicro Australia, says businesses must ensure they are protected from outside threats by communicating with their web developers and regularly testing their sites against threats.

“A lot of the attacks on publicly accessed sites are going after this sort of data. So you need to ensure you have good website programming practices, secure coding on your site for web applications – these things are absolutely necessary.”

“At the end of the day, normal virus software is not going to help when it comes to people attacking you through your site in this manner. So web developers and programmers need to keep watch on this sort of thing.”

Edwards says a number of attacks occur on publicly available sites in order to mine databases for scams. He says too many online businesses don’t take this sort of security seriously enough, and focus too much on internal protection.

“Knowing what to do in response to an attack like this is a tough one, because it relies on the business being aware that they’ve been compromised – which often doesn’t happen. You hear about credit card information being stolen, and the companies involved having no idea for some time.”

Edwards says business owners must discuss how to deal with these incidents and what safeguards should be put in place.

“In any public-facing system that has a link back to a database, most definitely the web app team have a very big role to play in making sure that site is secure. Good coding practices, regular testing and then general security around that are the most important things.”
