Industry News

Scientists’ Usernames, Passwords Possibly Stolen in Synchrotron Hack

Hackers have allegedly hacked the Australian Synchrotron User Portal website, potentially stealing a database containing email addresses and encrypted passwords of scientists and researchers who request time to use the Synchrotron atom-smashing facility.

While the facility is used by scientists to research sub-atomic particles, biomedicine and manufacturing, it’s unclear what the leveraged vulnerability was and how could this incident affect the facility. Following the breach, an email has been sent to all users requesting a preventative password change to avoid any other security issues caused by stolen credentials.

“The Australian Synchrotron apologises to users of the Australian Synchrotron User Portal for an incident that occurred on Friday the 27th of January whereby the email address and encrypted password of registered users were obtained by unauthorised persons though the exploitation of a security vulnerability,” reads the email sent to all those potentially affected.

It’s unclear how the passwords were stored and the level of encryption used to scramble them. If they were unsalted MD5 hashes, it could raise serious security concerns, as they could easily be decrypted and viewed in plain text. Plus, if affected scientists used the same credentials for other websites, as cybercriminals could use them to gain access to other accounts and data.

However, a Synchrotron spokesperson said the affected database and systems were isolated from other critical systems and the chances for cybercriminals to have accessed other databases are remote.

“As a precautionary measure, all users have been required to reset their passwords,” added Synchrotron’s spokesperson.

Scientists who use the affected portal are strongly encouraged to change their passwords and generate new ones using security best practices.

About the author

Liviu ARSENE

Liviu Arsene is the proud owner of the secret to the fountain of never-ending energy. That's what's been helping him work his everything off as a passionate tech news editor for the past couple of years. He is the youngest and most restless member of the Bitdefender writer team and he covers mobile malware and security topics with fervor and a twist. His passions revolve around gadgets and technology, and he's always ready to write about what's hot and trendy out there in geek universe.