A user on a popular hacking and data breach forum has created a post offering 100 Australian passports for sale.

Late last week, a post appeared on hacking forum BreachForums claiming to have access to 100 Australian passports leaked on 25 August.

The user behind the post – going by “HMKadmin123” – said they were selling a “large number” of Australian national passports at “good prices” for bulk buyers.

“I am selling a large number of australian (sic) national passports, new and unused documents,” read the post.

“Price starts at 700$... Quick sale price: 1000$.”

Although the hacker did not disclose how the allegedly leaked data was acquired, their post led potential buyers to unique passports as well as original portrait photos for seemingly legitimate persons.

It is unclear whether the hacker was attempting to sell physical passports or only leaked images of them.

The post from HMKadmin123 marks the second time in a month the hacker has listed Australian passports for sale, coming after they made a similar data leak claim on 23 July for a markedly larger 1,000 passports.

“I sell data 1000+ Australian passports including photo and scans,” read the post. “80% of them are still active.”

The July post from HMKadmin123 claims to have acquired leaked data during 2022 and 2023, stating they had “collected” documents from “many private leak sources”, including airports, hotels and loan companies.

Both of the hacker’s posts encouraged prospective buyers to get in touch via encrypted messaging app Telegram – a mainstay platform for online cyber crime communities.

On a dedicated Telegram channel called “HMK Document”, visitors had open access to a sample spreadsheet file with passport information – containing data fields such as “visa_fee”, gender, birthday, full name, religion, nationality and more – as well as multiple screenshots of both portrait photos and passport ID pages.

Notably, some of the alleged passport leaks seemed to belong to children.

The Telegram channel, which has 194 subscribers and has been active since May 2023, is run by a group calling itself “HMK Group”.

The group claims to have been active for over a year, according to a celebratory message it posted on 26 July.

“Promotional Notice ‘Celebrating 1 year of HMK_Group’,” read the message.

“Sincerely thank customers for trusting and accompanying HMK_Group during the past time.

“We would like to send you a 10% discount program for all orders with a minimum quantity of 300 pieces.

“We are trying to improve to bring the best quality of service,” it read.

Despite being relatively new, the group has already shared further allegedly stolen data – mostly passports, driver licenses and ID cards – from the US, Canada, Turkey, Vietnam and Singapore.

While the listings for Australian data appear to be from differing sources, the most recent set of allegedly leaked data used a “GOV001_123a” naming scheme – driving concerns that the data could have originated from a breach of a government agency.

BreachForums won’t stay down

HMK Group’s most recent post was reportedly shared on two separate hacking forums, one of them being BreachForums – a once-leading cyber crime site linked to the landmark 2022 data breach at Australian telecommunications giant Optus.

The site has suffered multiple domain seizures from the Federal Bureau of Investigation (FBI) – which recently made major strides against the hacking community in March when it arrested BreachForums’ alleged operator.

Despite constant pressure from the FBI, the forum has continued to resurface under new domain names, with its current iteration sporting 22,845 members and over 100,000 posts.

In addition to data leak sales, the site casually boasts sections for hacking tutorials, compromised accounts and videogame leaks, as well as more innocuous pages such as world news and music discussion.