Hackers broke into a server at the University of Technology Sydney and published the usernames and passwords of dozens of staff accounts on a UTS web page.
On the defaced page the hackers identified themselves as "Apollo" and "0day" and wrote "Greets to ASIO, sup boys" before ridiculing UTS over its security.
"Dear, Ugliest Tower in Sydney. Hire some staff who actually know what they are doing," the hackers wrote.
Anne Dwyer, UTS deputy vice-chancellor (corporate services), said the breach was detected by the university's IT staff at 7:45am on Saturday. Dwyer said the affected machine was locked down and services were restored by 9am on Sunday.
However, the website that was defaced, datasearch.uts.edu.au, is still offline.
Dwyer downplayed the impact of the hack but said the university, working with external security experts, was still investigating the source and nature of the attack.
"There is no evidence of risk of compromise to any of the university's core systems," she said. "The data collected was sourced from a low-security risk database."
Searching the datasearch.uts.edu.au domain via Google shows that before it was taken offline, the site hosted a student login page, staff directory, course search and other information about the university.
But UTS said the attack affected a single server that was "used to publish news and events information".
The dozens of account details published appear to be dated, as the accompanying information said most of the accounts were last modified between 2002 and 2004.
UTS said all current staff members represented in the leaked data had been checked and "it is certain there was no compromise of their accounts".
Professor Michael Fraser, director of the UTS communications law centre, told a parliamentary committee in March that the internet would resemble a "rubbish web" in 5 to 10 years unless governments and businesses fix the holes that allow cyber criminals to ply their trade.
"The public internet will be abandoned by the public for any serious communications or transactions, and it will be left for games, gambling, pornography and other such uses," Professor Fraser said, as reported in a recent Fairfax article on cyber-crime.
Fraser said those without a secured system like the one at UTS were particularly vulnerable to hackers.
This morning, asked to comment on the UTS system security in light of recent events, Fraser said: "I think it's been abundantly shown that all systems without exception that are connected to the web, and even those that aren't, are vulnerable to cyber crime."
Do you check your smartphone in bed?Related story: Smartphone etiquette - should you take it to bed?