Sydney's Mosman Municipal Council website has suffered a security breach that made the details of nine council staff available for download. However, according to a statement on the Council's website no ratepayer information from the internal systems had been accessed.
The hack was made via an SQL injection exploit on a subsidiary Mosman sporting hall of fame website developed by the Council.
"It was able to initiate a data dump of some of our public-facing websites," reads the statement. "The information being made available is essentially what you are able to access when browsing our websites."
The council's IT manager told Computerworld Australia that nine user email accounts were leaked in one of the files and evidence left behind pointed to hacktivist group Anonymous, which is currently running a campaign called Operation Anti-Security aimed at government departments and banks around the world.
"The web editors’ passwords are encrypted, and are now being changed. There has been no unauthorised access to Council’s internal systems and those nine accounts were changed within an hour of the Council becoming aware of the SQL injection." he said.
The @AnonymousIRC Twitter account yesterday tweeted: "A wild leak appears: For a change, we sail to Australia this time: http://bit.ly/kL6EjM | #AntiSec | And the best is yet to come."
Got a security tip-off? Contact Hamish Barwick at hamish_barwick at idg.com.au
Follow Hamish Barwick on Twitter: @HamishBarwick
Follow Computerworld Australia on Twitter: @ComputerworldAU