iTnews

ACT Education blocks student Gmail access after spam email storm

By Justin Hendry on Aug 14, 2020 5:05PM
ACT Education blocks student Gmail access after spam email storm

Education directorate confirms "incident".

ACT's Education Directorate has blocked all public school students from accessing their Google email accounts after they were spammed en masse on Friday.

The spam campaign emerged on Friday afternoon with an undisclosed number of students receiving dozens of emails, resulting in a reply-all “email storm”.

iTnews understands some of the emails link to lewd websites and Instagram accounts, while other messages tried to solicit inappropriate images.

One concerned parent, who is also an IT consultant, told iTnews that some student email accounts appeared to have been compromised, either through phishing or brute force.

He said these accounts, possibly suffering from weak credentials and the lack of two-factor authentication, were then used to spam internal mailing lists.

A spokesperson for the ACT Education Directorate confirmed that ACT public schools had experienced an "email incident" on Friday.

"The incident appears to have involved a spam email being circulated to students," the spokesperson said.

"These messages have included a range of material, including inappropriate material."

While the directorate is still investigating the "full extent of the issues", students have been blocked from accessing the Google email platform as a precaution.

"The Education Directorate has responded by blocking access to the Google platform by all students," the spokesperson said.

"Access will resume once the incident has been thoroughly investigated and appropriate controls put in place.

"Schools, parents and students are being advised if they received the email they should not forward it on and delete any copies they may have."

In a further update on August 18, ACT Education advised that its investigation had "confirmed no external body has hacked or exported information from our systems".

"The incident occurred when a student attempted to share their work with their classmates, accidentally using a global distribution list code," it said.

"Other students ‘replied all’ and a small number of students shared inappropriate content, including pornographic imagery."

ACT Education said it had worked over the weekend to "remove access to global distribution lists and rigorously test our systems to ensure students cannot again access the lists".

Students are expected to be able to access their email accounts by the end of the week. Google Drive and Google Classroom have already been restored.

Updated Tuesday August 18

Got a news tip for our journalists? Share it with us anonymously here.
Copyright © iTnews.com.au . All rights reserved.
Tags:
act educationit email governmentit school security spam students

Partner Content

COVID-19 has increased the price of used IT gear
Partner Content COVID-19 has increased the price of used IT gear
What is Chaos Engineering? The art of breaking things purposefully
Partner Content What is Chaos Engineering? The art of breaking things purposefully
Four reasons to upgrade your business to fibre internet
Partner Content Four reasons to upgrade your business to fibre internet
The push to move Teams users to cloud telephony
Sponsored Content The push to move Teams users to cloud telephony

Sponsored Whitepapers

Adopting a Next-Generation Data Security Approach
Adopting a Next-Generation Data Security Approach
How to be a SOAR winner
How to be a SOAR winner
3 steps to a well-rounded cybersecurity plan
3 steps to a well-rounded cybersecurity plan
Learn IT Service Management (ITSM) best practises
Learn IT Service Management (ITSM) best practises
A Migration Guide For Businesses Switching Mobile Device Management Solutions
A Migration Guide For Businesses Switching Mobile Device Management Solutions

Events

  • On-Demand Webinar: How Poly and Microsoft are Embracing Future Work Environments
  • [Watch] Fulfilling the Promise of SD-WAN
  • Live Event: A Paperless Business
  • Ceridian INSIGHTS - Experience the future of HR - Virtual Event
By Justin Hendry
Aug 14 2020
5:05PM
0 Comments

Related Articles

  • DFAT exposes email addresses of Aussies stuck overseas
  • 'Heads should roll': NSW Labor slams extent of Service NSW hack
  • Service NSW still waiting to notify on data breach after four months
  • Victorian primary schools neglect privacy in software choices
Share on Twitter Share on Facebook Share on LinkedIn Share on Whatsapp Email A Friend

Most Read Articles

NBN Co sets a low bar to qualify for a full-fibre upgrade

NBN Co sets a low bar to qualify for a full-fibre upgrade
Toll Group still mopping up after ransomware attacks

Toll Group still mopping up after ransomware attacks
NBN Co reveals first locations with an FTTN upgrade path to full fibre

NBN Co reveals first locations with an FTTN upgrade path to full fibre
JB Hi-Fi trials on-demand delivery

JB Hi-Fi trials on-demand delivery
You must be a registered member of iTnews to post a comment.
Log In | Register
All rights reserved. This material may not be published, broadcast, rewritten or redistributed in any form without prior authorisation.
Your use of this website constitutes acceptance of nextmedia's Privacy Policy and Terms & Conditions.