This weekend visitors to the Australia Post website may have seen a somewhat eyebrow-raising message.
For where the site normally displays “Latest news”, it was instead suggesting that postal workers were trying out a new technique for coping with the Christmas rush:
“We’re smoking meth”
Eagle-eyed customers spotted the bizarre message, and shared snapshots of it on social media. Once Australia Post had been informed of the issue it eventually removed the curious admission from its webpage.
I'm so sorry this came up today it's not at all appropriate and completely against our ethics. While this has now been corrected the cause is currently being investigated. Anthony please accept my sincerest apology for the message. Please enjoy your weekend. -Candice
— Australia Post (@auspost) December 5, 2020
There has been no official explanation that I have seen regarding what went wrong, but one hunch would be that Australia’s Posts “latest news” section is populated with information and updates posted elsewhere in its infrastructure, perhaps via an RSS feed.
If so, it may be that that resource managed to be compromised by hackers, who scrawled their drug-taking graffiti, and it was then seen by a wider audience via the Australia Post eParcel login page.
Alternatively, of course, it might just have been a very bored employee messing about…
Australia Post later issued an apology:
“We apologise to our customers for the unauthorised offensive post. The offending message has been removed and we have disabled the account that posted it.”
If that is the case then, hopefully, there is no reason to believe that the webpage’s login code was itself compromised or that any data has been stolen.
But if hackers are able to change the code which is shown on your website there is always the potential that they might embed malicious code or inject a malicious link designed to dupe users.
Keep an eye on your web presence, it’s always better if you can spot a problem yourself before it comes to the attention of your customers.
Found this article interesting? Follow Graham Cluley on Twitter or Mastodon to read more of the exclusive content we post.
2 comments on “Australia Post isn’t smoking meth, despite what its website may have said”
We had full access to the websites master admin code and copied all data and deleted all consigmnets and changed the settings on auto scanning facilitys to purposely delay as many parcels as possible.
All agency data was deleted from eparcel along with the details of 50000ish consignments..
They stealing about 80m a year from the business account holders once you can see the data inside the system.
They steal from everyone so I'm.stealing from them.
But to see this in the news is truly heart-warming.
I still have full access to as we took over a number of accounts.
Data is now for sale for about 50k
Not to mention all the other methods and customer billing accounts we have access to.
Love <3 drug trafficking auspost customers
hi wannabe hacker