Australia Post isn’t smoking meth, despite what its website may have said

Graham Cluley
Graham Cluley
@
@[email protected]
@gcluley

Australia Post isn't smoking meth, despite what its website may have said

This weekend visitors to the Australia Post website may have seen a somewhat eyebrow-raising message.

For where the site normally displays “Latest news”, it was instead suggesting that postal workers were trying out a new technique for coping with the Christmas rush:

“We’re smoking meth”

Eagle-eyed customers spotted the bizarre message, and shared snapshots of it on social media. Once Australia Post had been informed of the issue it eventually removed the curious admission from its webpage.

There has been no official explanation that I have seen regarding what went wrong, but one hunch would be that Australia’s Posts “latest news” section is populated with information and updates posted elsewhere in its infrastructure, perhaps via an RSS feed.

If so, it may be that that resource managed to be compromised by hackers, who scrawled their drug-taking graffiti, and it was then seen by a wider audience via the Australia Post eParcel login page.

Post page

Alternatively, of course, it might just have been a very bored employee messing about…

Sign up to our free newsletter.
Security news, advice, and tips.

Australia Post later issued an apology:

“We apologise to our customers for the unauthorised offensive post. The offending message has been removed and we have disabled the account that posted it.”

If that is the case then, hopefully, there is no reason to believe that the webpage’s login code was itself compromised or that any data has been stolen.

But if hackers are able to change the code which is shown on your website there is always the potential that they might embed malicious code or inject a malicious link designed to dupe users.

Keep an eye on your web presence, it’s always better if you can spot a problem yourself before it comes to the attention of your customers.


Graham Cluley is an award-winning keynote speaker who has given presentations around the world about cybersecurity, hackers, and online privacy. A veteran of the computer security industry since the early 1990s, he wrote the first ever version of Dr Solomon's Anti-Virus Toolkit for Windows, makes regular media appearances, and is the co-host of the popular "Smashing Security" podcast. Follow him on Twitter, Mastodon, Threads, Bluesky, or drop him an email.

2 comments on “Australia Post isn’t smoking meth, despite what its website may have said”

  1. Anonymous

    Trust me.

    We had full access to the websites master admin code and copied all data and deleted all consigmnets and changed the settings on auto scanning facilitys to purposely delay as many parcels as possible.

    All agency data was deleted from eparcel along with the details of 50000ish consignments..

    They stealing about 80m a year from the business account holders once you can see the data inside the system.

    They steal from everyone so I'm.stealing from them.

    But to see this in the news is truly heart-warming.

    I still have full access to as we took over a number of accounts.

    Data is now for sale for about 50k

    Not to mention all the other methods and customer billing accounts we have access to.

    Love <3 drug trafficking auspost customers

    1. im a person · in reply to Anonymous

      @Anonymous
      hi wannabe hacker

What do you think? Leave a comment

Your email address will not be published. Required fields are marked *

This site uses Akismet to reduce spam. Learn how your comment data is processed.