ABC foul-up sees users' data exposed

The Australian Broadcasting Corporation (ABC) has sent an email to players of its latest augmented reality (AR) game "Bluebird", saying that names, email addresses and passwords were available for download via an archive for almost a month.

(Bluebird[AR] screenshot by Luke Hopewell/ZDNet Australia)

The Bluebird project was live for six weeks from the end of April as an online interactive drama game. Following the game's conclusion, the ABC sought to archive content from the game into a downloadable Adobe AIR version.

The ABC confirmed a Lifehacker report that a breach had occurred. Carolyn McDonald, head of marketing for ABC Innovation, told ZDNet Australia that between 9 September and 4 October, the names, email addresses and passwords of 880 Bluebird players were visible via the Adobe AIR archive.

She said that "in creating [the archive, ABC] transferred some files to make the AIR version and in doing so that's where the breach has occurred".

"Email address, usernames and passwords of each of the players was available unencrypted if you downloaded the PC version," she added.

McDonald understood that only the PC version of the AIR file is susceptible to the vulnerability.

While the file in question was reportedly downloaded only three times, the ABC is still taking the breach seriously.

The ABC contacted Bluebird's 880 users informing them of the error and strongly advised them to change any shared or common passwords.

"Whilst the exposure to these details is considered low, we would advise you to change your user credentials (eg, shared passwords for other sites), as appropriate," the email said.

Both McDonald and the broadcaster apologised for the error.