A concerning development has emerged on a prominent hacking and data breach forum, where a user known as “HMKadmin123” has posted an offer to sell 100 Australian passports.

This alarming incident unfolded on BreachForums, a platform notorious for discussions surrounding hacking and data breaches. The user claimed to possess access to 100 Australian passports, allegedly leaked on August 25, 2023. In their post, “HMKadmin123” indicated that they were willing to provide a significant quantity of Australian passports at competitive prices for bulk purchasers.

The post stated, “I am selling a large number of Australian national passports, new and unused documents”. Advertised prices for these documents started at $700, with a quick sale price of $1000.

The method by which the hacker obtained this purportedly leaked data was not disclosed. Nevertheless, the post led potential buyers to believe they could access authentic passports, complete with original portrait photos, seemingly belonging to legitimate individuals.

It remains unclear whether the hacker intended to sell physical passports or merely leaked images of them.

This post by “HMKadmin123” marks the second instance in a month where Australian passports were listed for sale. An earlier data leak claim was made on July 23, offering a substantially larger batch of 1,000 passports.

The July post advertised, “I sell data 1000+ Australian passports including photo and scans”, with the claim that 80% of them were still active.

The hacker in question alleged that they had “collected” documents from various private leak sources, which included airports, hotels, and loan companies, during 2022 and 2023.

Both posts from “HMKadmin123” directed potential buyers to communicate via the encrypted messaging app Telegram, a preferred platform within online cybercrime communities.

On a dedicated Telegram channel known as “HMK Document”, visitors could access a sample spreadsheet file containing passport information, including data fields such as visa fee, gender, birthday, full name, religion, nationality, and more. Additionally, multiple screenshots of portrait photos and passport ID pages were made available.

Of notable concern, some of the alleged passport leaks appeared to involve minors.

The Telegram channel, operated by a group identifying itself as “HMK Group”, has been active since May 2023 and currently boasts 194 subscribers. The group claims to have been operational for over a year, as indicated in a celebratory message posted on July 26. This message expressed gratitude to customers for their trust and offered a 10 percent discount program for orders exceeding 300 pieces. The group also pledged to enhance its service quality.

Despite its relatively recent establishment, the group has already shared purportedly stolen data, primarily consisting of passports, driver’s licenses, and ID cards, from countries including the United States, Canada, Turkey, Vietnam, and Singapore. While the sources of Australian data listings appear diverse, the most recent set of allegedly leaked data used a naming scheme, “GOV001_123a”, raising concerns that this data may have originated from a government agency breach.

BreachForums persists

This latest post by the HMK Group reportedly appeared on two different hacking forums, one of which is BreachForums, a site historically linked to the significant 2022 data breach at Australian telecommunications giant Optus. Despite multiple domain seizures by the Federal Bureau of Investigation (FBI) and the arrest of BreachForums’ alleged operator in March, the forum has repeatedly resurfaced under new domain names.

Presently, it boasts 22,845 members and over 100,000 posts.

In addition to facilitating data leak sales, the site features sections dedicated to hacking tutorials, compromised accounts, videogame leaks, as well as more innocuous topics such as world news and music discussions.