Credentials Leak Leads to 4 Million Compromised Accounts in Medibank Data Breach

George Vulov
George Vulov
May 10, 2023
November 3, 2022
Don't Be the Next Headline.
Download the free ebook and see proven strategies to prevent a data breach from real-world examples.
Graphic of the scanning app

Medibank, one of Australia's largest health insurance providers is under increasing pressure from a recent breach, in which a massive amount of customer medical data was stolen.

How many Medibank customers are impacted has not yet been confidently confirmed, but the provided numbers range from two to four million customers.

The attacker responsible leaked a small number of records as a sample to prove how much customer data they accessed. The information stolen includes:

  • Names
  • Addresses
  • Dates of birth
  • Medicare numbers
  • Phone numbers
  • Medical claims data
  • Diagnostic information
  • Medical procedures
  • Location of medical services

As you can imagine, many Medibank customers and officials are very concerned about this data breach, which can easily lead to very private information being disclosed to their detriment. For example, privacy advocates and patients alike are deeply worried about potential discrimination on the basis of mental health related claims.

How did the Medibank data breach occur?

This recent data breach follows a string of recent attacks including the GTA6 leak and the Uber breach. All three of these attacks were initiated the same way, with theft of user account credentials. Once the attacker gained a foothold in the network, they were able to look for information in a variety of locations.

Additional details are limited as the forensics investigation from Medibank is still ongoing.  However, the hackers have claimed the following:

“We have 200GB sensitive data... from your RedShift Cluster. All source code from stash, confluence documentation, and keys for decrypting Credit Cards”

(From: How Medibank joined Optus in hack hell)

How can you protect yourself?

Soteri Security Scan Finding Leaked Credentials

There have been quite a few breaches involving stolen credentials this year. As all security professionals know, security involves a variety of tools and controls to protect the network.

Soteri’s Scanning via REST API is one such tool which can be used to look for credentials via an external API, helping to detect credentials stored in unique locations where they shouldn’t. Soteri also provides integrations for Atlassian’s Bitbucket Data Center and Atlassian’s Confluence Data Center and Confluence Cloud. Check out Soteri’s integrations here.