AFP Investigating Qnect Hack, Exposing UNSW Students’ Personal Information

By Dominic Giannini, Online Sub-Editor


Qnect, a start-up social ticketing platform used by multiple UNSW student societies, has been hacked by a clandestine group, RavenClaw.


Founder and CEO of Qnect, Daniel Liang, has confirmed that no financial data was stolen, as it is held with third-party payment processor, Stripe. However, personal information – including names, emails and mobile phone numbers – was accessed.


The Australian Federal Police is involved and investigating.


It is unclear when the hack took place, but students and users of the payment service were notified of the breach via email on Wednesday morning, after some users received a text message from the hacker(s) on Tuesday night.


The text message claimed that “there was a third security incident with the qnect service” and threatening the publishing of email and credit card information unless Qnect pays a ransom in the form of BitCoin, the untraceable cryptocurrency.

“Some user emails and phone numbers have been leaked, but our cybersecurity measures prevented any leak of customer financial data, and further personal information remains secure,” Liang told Tharunka.


“Qnect is working with the relevant authorities to ensure there is no further breach.”


According to Liang’s personal Facebook page and LinkedIn profile, the ticketing platform has garnered over US$1.2 million worth of transactions in the 9 months leading up to February 2017.


Qnect is used by 256 university societies and 50,000 users across 11 universities.


These include prominent UNSW societies including the Law, Engineering, Business and Arts societies as well as a range of societies across UTS, the University of Sydney and Macquarie University.


The UNSW Law Society uses Qnect for events such as its annual Law Ball, whose tickets went on sale on Monday, and has advised Law students involved to change Facebook and email passwords, and to disallow Qnect permissions on Facebook.





, ,