Forum

 
  Back to OzPolitic.com   Welcome, Guest. Please Login or Register
  Forum Home Album HelpSearch Recent Rules LoginRegister  
 

Pages: 1 2 3 ... 17
Send Topic Print
Optus customers hacked. (Read 8371 times)
Bobby.
Gold Member
*****
Online


Australian Politics

Posts: 94080
Melbourne
Gender: male
Optus customers hacked.
Sep 22nd, 2022 at 6:43pm
 
Damn - I'm with Optus.

https://www.dailymail.co.uk/news/article-11237723/Optus-hacked-exposing-millions...


Personal details of nearly 10 million Optus customers are leaked
in one of Australia's biggest cyber attacks ever -
here's what the hackers know about YOU



...


    Nearly 10 million Optus customers have personal details taken in cyber attack
    Optus is advising customers to check bank accounts for suspicious activity
    The telco giant has notified key financial institutions about this matter
    Customers' payment details have not been compromised in the attack

By Cameron Carpenter For Daily Mail Australia

Published: 13:56 AEST, 22 September 2022 | Updated: 15:13 AEST, 22 September 2022


Close to 10 million Optus customers have been urged to check their accounts after their personal details were stolen in what is believed to be one of the biggest cyber attacks in Australian history.

Hackers stole 2.8 million customers' passport and drivers licence numbers, email and home addresses, dates of birth and telephone numbers after reportedly exploiting a weakness in the company's firewall.

The remaining seven million had their dates of birth, email addresses and phone numbers stolen.

Optus chief executive Kelly Rosmarin says the company is working with the Australian Federal Police to investigate the attack.


Back to top
 
 
IP Logged
 
Dnarever
Gold Member
*****
Offline


Australian Politics

Posts: 57062
Here
Gender: male
Re: Optus customers hacked.
Reply #1 - Sep 22nd, 2022 at 7:25pm
 
Optus have been a disaster for Australia since the first day that they were sponsored into the Australian market.
Back to top
 
 
IP Logged
 
Bobby.
Gold Member
*****
Online


Australian Politics

Posts: 94080
Melbourne
Gender: male
Re: Optus customers hacked.
Reply #2 - Sep 22nd, 2022 at 7:27pm
 
Dnarever wrote on Sep 22nd, 2022 at 7:25pm:
Optus have been a disaster for Australia since the first day that they were sponsored into the Australian market.



It's outrageous -
someone needs to be punished.

Back to top
 
 
IP Logged
 
Dnarever
Gold Member
*****
Offline


Australian Politics

Posts: 57062
Here
Gender: male
Re: Optus customers hacked.
Reply #3 - Sep 22nd, 2022 at 7:46pm
 
Interesting they say past customers, that means that the keep all the information of people who are not their customer.
Back to top
 
 
IP Logged
 
Bobby.
Gold Member
*****
Online


Australian Politics

Posts: 94080
Melbourne
Gender: male
Re: Optus customers hacked.
Reply #4 - Sep 23rd, 2022 at 11:22am
 
https://www.theguardian.com/australia-news/live/2022/sep/23/queen-elizabeth-anth...


Optus CEO says 9.8 million customers affected by data attack
under 'worst case scenario'


Josh Taylor

Optus customers dating back to 2017 may be caught up in the massive hack of the telco’s customer database, the company’s CEO has revealed.

Kelly Bayer Rosmarin told reporters on a media call on Friday that the company is still not sure exactly how many customers had their personal information – including name, phone number, date of birth and in some cases passport or driver’s licence numbers – compromised in the attack, but that 9.8 million was the “worst case scenario”.

She said:

    We have reason to believe that the number is actually smaller than that. But we are working through reconstructing exactly what the attackers have received.

The data goes back to 2017 because under law Optus is required to keep identity verification records for six years. Until Optus determines who is affected, then Optus will be able to directly contact those customers. Bayer Rosmarin said even those customers not directly affected will hear from Optus.

There have been no ransom demands, and Optus has not yet determined whether it was a criminal organisation or state actor attack on the company. She wouldn’t go into detail about how the attack occurred, saying it was “the subject of criminal proceedings”.

The IP address of the attacker “came out of various countries in Europe”, she said.

Bayer Rosmarin said the whole country needed to respond to the attack together:

    We don’t yet know who these attackers are and what they want to do with this information, which is why we really need a Team Australia response.

Updated at 11.07 AEST
Back to top
 
 
IP Logged
 
Jasin
Gold Member
*****
Offline



Posts: 45543
Gender: male
Re: Optus customers hacked.
Reply #5 - Sep 23rd, 2022 at 11:29am
 
People are cancelling their contracts with Optus due to this negligence.
Back to top
 

AIMLESS EXTENTION OF KNOWLEDGE HOWEVER, WHICH IS WHAT I THINK YOU REALLY MEAN BY THE TERM 'CURIOSITY', IS MERELY INEFFICIENCY. I AM DESIGNED TO AVOID INEFFICIENCY.
 
IP Logged
 
Jasin
Gold Member
*****
Offline



Posts: 45543
Gender: male
Re: Optus customers hacked.
Reply #6 - Sep 23rd, 2022 at 11:32am
 
...and they tried to con the public in getting rid of cash Grin Grin Grin Grin Grin Grin Grin Grin
Back to top
 

AIMLESS EXTENTION OF KNOWLEDGE HOWEVER, WHICH IS WHAT I THINK YOU REALLY MEAN BY THE TERM 'CURIOSITY', IS MERELY INEFFICIENCY. I AM DESIGNED TO AVOID INEFFICIENCY.
 
IP Logged
 
Bobby.
Gold Member
*****
Online


Australian Politics

Posts: 94080
Melbourne
Gender: male
Re: Optus customers hacked.
Reply #7 - Sep 23rd, 2022 at 11:39am
 
Jasin wrote on Sep 23rd, 2022 at 11:32am:
...and they tried to con the public in getting rid of cash Grin Grin Grin Grin Grin Grin Grin Grin



The grubbberment requires private companies to
keep huge amounts of sensitive information about all of us:

https://www.homeaffairs.gov.au/about-us/our-portfolios/national-security/lawful-...
Back to top
 
 
IP Logged
 
Bobby.
Gold Member
*****
Online


Australian Politics

Posts: 94080
Melbourne
Gender: male
Re: Optus customers hacked.
Reply #8 - Sep 23rd, 2022 at 1:33pm
 


“And, really, why should companies hold onto information that they don’t need anyway?”

https://www.news.com.au/technology/online/hacking/what-to-do-if-you-are-affected...


Ms Bayer-Rosmarin said there was a simple explanation.

“The reason that we hold onto customer data for a period of time is that it is the law,” she said.

“We have to be able to go back in our records for six years and so we do keep all the information for the required length of time.”

Customers who have been affected will be contacted by Optus in the coming days.
Back to top
 
 
IP Logged
 
Dnarever
Gold Member
*****
Offline


Australian Politics

Posts: 57062
Here
Gender: male
Re: Optus customers hacked.
Reply #9 - Sep 23rd, 2022 at 3:13pm
 
Quote:
The process allegedly involved opening up the Optus customer identity database to other systems via what's known as an Application Programming Interface, with the assumption that the API would only be used by authorised company systems.

"Eventually one of the networks it was exposed to was a test network which happened to have internet access."

https://www.abc.net.au/news/2022-09-23/optus-hack-likely-result-of-human-error/1...


They describe this as human error ?

Yes somebody made a security error in the design of an API.

This is not the issue - This happens.

Their test process included allowing access to the API to a test segment of their network again this isn't a problem this is how you would properly test the API.

The fact that someone gave access to the internet from a test segment is the issue here.

Having a place that has access to internal critical systems used for testing apps of unknown security functionality being given access to the outside world is never allowed. But they did.

They seem to want to blame the juvenile app which was not finalised or approved which simply isn't the problem, this is normal.

The security breach was in giving a test segment external access assuming that this story is correct.
Back to top
 
 
IP Logged
 
John Smith
Gold Member
*****
Online


Australian Politics

Posts: 71948
Gender: male
Re: Optus customers hacked.
Reply #10 - Sep 23rd, 2022 at 7:11pm
 
Dnarever wrote on Sep 22nd, 2022 at 7:46pm:
Interesting they say past customers, that means that the keep all the information of people who are not their customer.



They should be fined big time for that. Under the Privacy Act they MUST destroy a customers private details when it is no longer needed.


Quote:
When you no longer need your customers’ personal information you must destroy or de-identify it. This includes shredding documents or storing them in a secure area.


https://business.gov.au/online/cyber-security/protect-your-customers-information
Back to top
 

Our esteemed leader:
I hope that bitch who was running their brothels for them gets raped with a cactus.
 
IP Logged
 
Bobby.
Gold Member
*****
Online


Australian Politics

Posts: 94080
Melbourne
Gender: male
Re: Optus customers hacked.
Reply #11 - Sep 23rd, 2022 at 7:23pm
 

This is part of the email I just got from Optus:

Quote:
The information which has been exposed is your
name, date of birth, email, phone number, address associated with your account,
and the numbers of the ID documents you provided such as drivers licence number or passport number.


So now cyber criminals who are experts in online fraud have all my private data.
Optus are a pack of incompetent fools.
I want justice.
Back to top
 
 
IP Logged
 
Dnarever
Gold Member
*****
Offline


Australian Politics

Posts: 57062
Here
Gender: male
Re: Optus customers hacked.
Reply #12 - Sep 23rd, 2022 at 7:24pm
 
John Smith wrote on Sep 23rd, 2022 at 7:11pm:
Dnarever wrote on Sep 22nd, 2022 at 7:46pm:
Interesting they say past customers, that means that the keep all the information of people who are not their customer.



They should be fined big time for that. Under the Privacy Act they MUST destroy a customers private details when it is no longer needed.


Quote:
When you no longer need your customers’ personal information you must destroy or de-identify it. This includes shredding documents or storing them in a secure area.


https://business.gov.au/online/cyber-security/protect-your-customers-information


Someone pointed out that they have to keep that info for 6 years by law. That bit isn't their fault as I originally thought. The wording seemed to indicate that they were keeping it long term and apparently that isn't the case.
Back to top
 
 
IP Logged
 
Bobby.
Gold Member
*****
Online


Australian Politics

Posts: 94080
Melbourne
Gender: male
Re: Optus customers hacked.
Reply #13 - Sep 23rd, 2022 at 7:28pm
 
Dnarever wrote on Sep 23rd, 2022 at 7:24pm:
John Smith wrote on Sep 23rd, 2022 at 7:11pm:
Dnarever wrote on Sep 22nd, 2022 at 7:46pm:
Interesting they say past customers, that means that the keep all the information of people who are not their customer.



They should be fined big time for that. Under the Privacy Act they MUST destroy a customers private details when it is no longer needed.


Quote:
When you no longer need your customers’ personal information you must destroy or de-identify it. This includes shredding documents or storing them in a secure area.


https://business.gov.au/online/cyber-security/protect-your-customers-information


Someone pointed out that they have to keep that info for 6 years by law. That bit isn't their fault as I originally thought. The wording seemed to indicate that they were keeping it long term and apparently that isn't the case.




What's the bet that no one will go to jail?

Politicians are also culpable -
they voted for the data retention legislation that
forced Optus to store our information.
Back to top
 
 
IP Logged
 
Dnarever
Gold Member
*****
Offline


Australian Politics

Posts: 57062
Here
Gender: male
Re: Optus customers hacked.
Reply #14 - Sep 23rd, 2022 at 7:37pm
 
Bobby. wrote on Sep 23rd, 2022 at 7:28pm:
Dnarever wrote on Sep 23rd, 2022 at 7:24pm:
John Smith wrote on Sep 23rd, 2022 at 7:11pm:
Dnarever wrote on Sep 22nd, 2022 at 7:46pm:
Interesting they say past customers, that means that the keep all the information of people who are not their customer.



They should be fined big time for that. Under the Privacy Act they MUST destroy a customers private details when it is no longer needed.


Quote:
When you no longer need your customers’ personal information you must destroy or de-identify it. This includes shredding documents or storing them in a secure area.


https://business.gov.au/online/cyber-security/protect-your-customers-information


Someone pointed out that they have to keep that info for 6 years by law. That bit isn't their fault as I originally thought. The wording seemed to indicate that they were keeping it long term and apparently that isn't the case.




What's the bet that no one will go to jail?

Politicians are also culpable -
they voted for the data retention legislation that
forced Optus to store our information.


They seldom catch the perpetrators. Someone in the company done or authorised something stupid but it wasn't malicious. The person legally responsible likely knew nothing about it. The law in this area is not competent.

If they prosecute internally in future companies will be more likely to not report incidents.

Most people working in IT would be aware of security incidents not reported.

Back to top
 
 
IP Logged
 
Pages: 1 2 3 ... 17
Send Topic Print