At least 60,000 users have had their address book information compromised following a cyberattack on Hongkong Post’s online mailing portal, the postmaster has said, adding that it is seeking advice to further enhance its system’s security.
Advertisement
Postmaster General Leonia Tai Shuk-yee could not confirm on Wednesday the exact number of individuals affected by the incident, revealing only that a hacker had accessed the address book data of 60,000 to 70,000 users of Hongkong Post’s EC-Ship platform during a cyberattack that occurred from Sunday night to Monday.
EC-Ship, a digital system operated by the government-owned postal service provider, allows individuals and businesses to prepare and pay for local and international mail services. Users can enter recipients’ personal information into an online address book and use the system to handle bulk mailings and track shipments.
Tai said the hacker had registered an EC-Ship account and used it to attack the system, adding that a vulnerability in the programming code led to some data being compromised.
“The system immediately suspended the account’s operation and blocked the attack. But the hacker launched multiple attacks using different methods and discovered a vulnerability in the system’s programming code,” Tai said on a radio show.
Advertisement
“[The hacker] is a real and valid user who used this identity to attack us, but we were able to mount a defence. Our system effectively detected some suspicious activity and initiated defences. But the attacker continued to use different methods while we were defending, resulting in address book data of other [EC-Ship] accounts being compromised.”
The postmaster said the compromised data included the names of senders and recipients, as well as company names, addresses, phone numbers, fax numbers and email addresses.