New Zealand companies caught up in huge global data hack

4:33 pm on 18 January 2019

Nine New Zealand websites have been compromised in a huge online data breach.

Hacker working on hacking some information. Cyber scam. 13 November 2018

The data breach is the third largest ever and the largest in which the stolen information has been made public, according to a technology magazine. Photo: 123rf.com

More than 770 million email addresses and passwords, totalling 87 gigabytes of data, have been posted online in a hackers' forum.

The technology magazine Wired said they appear to have been stolen from more than 2000 websites around the world.

The nine New Zealand websites targetted predominantly belong to smaller companies.

No credit card information is included in the leak, only email addresses and passwords.

One of the companies affected by the breach, Auckland florist Blooms Online, said it had no idea of the breach until contacted by RNZ but would be changing all passwords.

Wired magazine believes the data breach to be the third largest ever, and the largest in which the stolen information has been made public.

The data breach file is named "Collection #1" and was first reported by Australian security expert Troy Hunt.

Speaking to Wired, Mr Hunt described the breach as "a completely random collection of sites purely to maximize the number of credentials available to hackers".

"There's no obvious patterns, just maximum exposure."

Mr Hunt runs the website "Have I Been Pwned?" which allows you to check if your email addresses have been compromised.

He also told the magazine at least 140 million email accounts and their passwords are new to his database, which means they have not been breached before.

Other New Zealand websites involved are:

  • equestrianentries.co.nz
  • millenniumcareers.co.nz
  • kiwipainting.co.nz
  • oldship2u.co.nz
  • shiftme.co.nz
  • socialise.co.nz
  • taurangaknitting.co.nz
  • maori.org.nz

Get the RNZ app

for ad-free news and current affairs