This weekend visitors to the Australia Post website may have seen a somewhat eyebrow-raising message.
For where the site normally displays “Latest news”, it was instead suggesting that postal workers were trying out a new technique for coping with the Christmas rush:
“We’re smoking meth”
Eagle-eyed customers spotted the bizarre message, and shared snapshots of it on social media. Once Australia Post had been informed of the issue it eventually removed the curious admission from its webpage.
I'm so sorry this came up today it's not at all appropriate and completely against our ethics. While this has now been corrected the cause is currently being investigated. Anthony please accept my sincerest apology for the message. Please enjoy your weekend. -Candice
— Australia Post (@auspost) December 5, 2020
There has been no official explanation that I have seen regarding what went wrong, but one hunch would be that Australia’s Posts “latest news” section is populated with information and updates posted elsewhere in its infrastructure, perhaps via an RSS feed.
If so, it may be that that resource managed to be compromised by hackers, who scrawled their drug-taking graffiti, and it was then seen by a wider audience via the Australia Post eParcel login page.
Alternatively, of course, it might just have been a very bored employee messing about…
Australia Post later issued an apology:
“We apologise to our customers for the unauthorised offensive post. The offending message has been removed and we have disabled the account that posted it.”
If that is the case then, hopefully, there is no reason to believe that the webpage’s login code was itself compromised or that any data has been stolen.
But if hackers are able to change the code which is shown on your website there is always the potential that they might embed malicious code or inject a malicious link designed to dupe users.
Keep an eye on your web presence, it’s always better if you can spot a problem yourself before it comes to the attention of your customers.