Illicit Medicare data vendor offers Australian email accounts, credit cards

Login details for email accounts of Australian ISP customers listed on darknet site

The vendor behind the ‘Medicare machine’ service that sells access to individuals’ Medicare numbers also claims to sell email credentials for customers of major Australian ISPs as well as credit card numbers linked to Australian businesses.

The government revealed this morning it has referred to the Australian Federal Police the illicit service based on a marketplace site concealed using Tor.

Guardian journalist Paul Farrell reported that he had been able to purchase his own Medicare number from a “darknet trader”. The service requires a purchaser to provide the name and date of birth of an individual whose Medicare details they are seeking.

Human services minister Alan Tudge said this afternoon that the Medicare data on sale is not the result of “cyber security breach of our systems as such” but of a “traditional criminal activity”.

The ‘Medicare machine’ vendor also has for sale alleged email password details for customers of Optus, Adam Internet, Bigpond, Westnet, iiNet, Internode and TPG.

The Bigpond listing indicates that 274 email logins have been sold since June 21, 2015, out of 8671 available. In June, five customers left positive feedback for the service.

Contacted vendor after several failed attempts to login using different browsers,” one states. “Few hours later, I was given 3 fresh logins. Well compensated. Certainly be back.”

The email logins range in price from US$3.78 to $7.56.

The vendor also says he offers scanned PDF payment receipts containing “the credit card details of a random Australian business”.

“These are from a company operating in Melbourne offering services to mostly extremely high profile clients. This makes the cards resilient, high limit and mostly Amex Business/corporate, but there's plenty of Visa and Mastercard too.”

Thirteen credit card numbers have been sold since June 17 this year, the listing states.