MyGov security is a mess. I don't understand why there's no physical verification step when creating a new MyGov account.
https://www.abc.net.au/news/2022-12-18/ato-tax-hacked-via-mygov-services-australia-exploit/101781656
Fake myGov profiles are being used to hack ATO accounts. Sue found this out the hard way

A routine meeting with her accountant turned into a nightmare for Sue. The retiree is a model citizen for digital security hygiene, but her caution wasn't enough to protect her identity from hackers exploiting this loophole.

ABC News

@wileyfuller My husband and I just had a discussion about that very article. We did our tax returns recently and even though I logged out of the ATO/MyGov, when he went to do his (and logged in under his MyGov) all of my tax data was showing. So he was logged in to his account with my tax/income/investment details showing. Sure, he could clear the cache, but the point is, if I have logged out and he is using his login, my details should not appear.

So when we saw this article, we were not surprised. And WHY wouldn’t the ATO use a TFN as an identifier? It’s bizarre.

@Tiffinbitesized It seems like there are quite a few not-so-great behaviours that they need to figure out.