iTnews

ACT Education blocks student Gmail access after spam email storm

By Justin Hendry on Aug 14, 2020 5:05PM
ACT Education blocks student Gmail access after spam email storm

Education directorate confirms "incident".

ACT's Education Directorate has blocked all public school students from accessing their Google email accounts after they were spammed en masse on Friday.

The spam campaign emerged on Friday afternoon with an undisclosed number of students receiving dozens of emails, resulting in a reply-all “email storm”.

iTnews understands some of the emails link to lewd websites and Instagram accounts, while other messages tried to solicit inappropriate images.

One concerned parent, who is also an IT consultant, told iTnews that some student email accounts appeared to have been compromised, either through phishing or brute force.

He said these accounts, possibly suffering from weak credentials and the lack of two-factor authentication, were then used to spam internal mailing lists.

A spokesperson for the ACT Education Directorate confirmed that ACT public schools had experienced an "email incident" on Friday.

"The incident appears to have involved a spam email being circulated to students," the spokesperson said.

"These messages have included a range of material, including inappropriate material."

While the directorate is still investigating the "full extent of the issues", students have been blocked from accessing the Google email platform as a precaution.

"The Education Directorate has responded by blocking access to the Google platform by all students," the spokesperson said.

"Access will resume once the incident has been thoroughly investigated and appropriate controls put in place.

"Schools, parents and students are being advised if they received the email they should not forward it on and delete any copies they may have."

In a further update on August 18, ACT Education advised that its investigation had "confirmed no external body has hacked or exported information from our systems".

"The incident occurred when a student attempted to share their work with their classmates, accidentally using a global distribution list code," it said.

"Other students ‘replied all’ and a small number of students shared inappropriate content, including pornographic imagery."

ACT Education said it had worked over the weekend to "remove access to global distribution lists and rigorously test our systems to ensure students cannot again access the lists".

Students are expected to be able to access their email accounts by the end of the week. Google Drive and Google Classroom have already been restored.

Updated Tuesday August 18

Got a news tip for our journalists? Share it with us anonymously here.
Copyright © iTnews.com.au . All rights reserved.
Tags:
acteducationitemailgovernmentitschoolsecurityspamstudents

Partner Content

Teaching tech teams every step of implementing a machine learning project
Promoted Content Teaching tech teams every step of implementing a machine learning project
5 essential digital transformation ideas
Promoted Content 5 essential digital transformation ideas
Security through visibility: supporting Essential Eight cyber mitigation strategies
Promoted Content Security through visibility: supporting Essential Eight cyber mitigation strategies
The case for postponing mainframe migration has eroded
Partner Content The case for postponing mainframe migration has eroded

Sponsored Whitepapers

Planning before the breach: You can’t protect what you can’t see
Planning before the breach: You can’t protect what you can’t see
Beyond FTP: Securing and Managing File Transfers
Beyond FTP: Securing and Managing File Transfers
NextGen Security Operations: A Roadmap for the Future
NextGen Security Operations: A Roadmap for the Future
Video: Watch Juniper talk about its Aston Martin partnership
Video: Watch Juniper talk about its Aston Martin partnership
Don’t pay the ransom: A three-step guide to ransomware protection
Don’t pay the ransom: A three-step guide to ransomware protection

Events

  • iTnews Benchmark Awards 2022 - Finalist Showcase
  • 11th Annual Fraud Prevention Summit 2022
  • IoT Impact Conference
  • Cyber Security for Government Summit
By Justin Hendry
Aug 14 2020
5:05PM
0 Comments

Related Articles

  • NSW Education had unknown vulnerability in breached system
  • NSW Education says cyber attack may have compromised contact data
  • NSW Education department hit by cyber attack
  • Parliament now blocking 82 percent of email impersonation attempts
Share on Twitter Share on Facebook Share on LinkedIn Share on Whatsapp Email A Friend

Most Read Articles

Kmart Australia stands up consent-as-a-service platform

Kmart Australia stands up consent-as-a-service platform
NSW digital driver's licences 'easily forgeable'

NSW digital driver's licences 'easily forgeable'
Kmart Australia re-platforms ecommerce site to AWS

Kmart Australia re-platforms ecommerce site to AWS
Westpac promotes its head of technology to mortgage role

Westpac promotes its head of technology to mortgage role

Digital Nation

Metaverse hype will transition into new business models by mid decade: Gartner
Metaverse hype will transition into new business models by mid decade: Gartner
COVER STORY: From cost control to customer fanatics, AI is transforming the contact centre
COVER STORY: From cost control to customer fanatics, AI is transforming the contact centre
The other ‘CTO’: The emerging role of the chief transformation officer
The other ‘CTO’: The emerging role of the chief transformation officer
Case Study: PlayHQ leverages graph technologies for sports administration
Case Study: PlayHQ leverages graph technologies for sports administration
As NFTs gain traction, businesses start taking early bets
As NFTs gain traction, businesses start taking early bets
All rights reserved. This material may not be published, broadcast, rewritten or redistributed in any form without prior authorisation.
Your use of this website constitutes acceptance of nextmedia's Privacy Policy and Terms & Conditions.