mySA GOV

Summary

South Australian government digital identity accounts on the mySA GOV platform were compromised in November 2021 through a credential stuffing attack. Attackers used passwords stolen in previous unrelated breaches to access accounts where users had reused the same credentials.

What Happened

Attackers obtained username and password combinations from previous data breaches at other services and tested them against mySA GOV accounts. Users who had reused passwords across multiple services became vulnerable when credentials from those other breaches were used to access their mySA GOV accounts.

The mySA GOV platform provides access to South Australian digital driver licences and other government services. Successful credential stuffing attacks gave unauthorised parties access to these digital identity accounts.

The South Australian government warned users about the breach and prompted those affected to secure their accounts.

Impact on Individuals

Users whose mySA GOV accounts were accessed faced risks including:

• Digital licence compromise: Unauthorised access to digital driver's licence
• Identity theft: Access to government digital identity credentials
• Account takeover: Attackers controlling legitimate government service accounts

The incident highlighted the risks of password reuse, where breaches at one service can cascade to compromises at completely unrelated services when users reuse credentials.

Organisational Response

The South Australian government issued warnings to affected users and implemented additional security measures. The incident prompted reminders about the importance of using unique passwords for different services, particularly for government digital identity platforms.

Users were advised to change their passwords immediately and ensure they used unique credentials for mySA GOV separate from other online services.