One of the most serious cyberattacks: Customer data exposed in Optus hack
|
« Back ·
1 ·
Next »
|
|
|
Location: Sydney, NSW
Member since 28 January 2011
Member #: 823
Postcount: 6747
|
QUOTE: Hackers have breached Optus’ systems in one of the largest cyberattacks in Australian history, accessing names, dates of birth, phone numbers, email addresses, physical addresses and driver’s licence numbers of millions of the telecommunications giant’s customers.
Well-placed sources not authorised to speak publicly said that up to 9 million customers had been affected. Many had their contact details exposed to the hackers, who also pilfered even more sensitive details, such as passport and drivers’ licence numbers, for a smaller portion of Optus customers.
. . .
“Unfortunately, we became aware late yesterday that there was an unusual activity [on our network] that was a cyberattack,” Bayer Rosmarin said on the ABC. “We’re still really in the throes of investigating exactly what information has been accessed and working with all the authorities and others to try and determine who has access to them for what purpose.”
Unfortunate she says. Floptus system management incompetence I'd say.
https://www.smh.com.au/technology/customer-data-exposed-in-major-optus-hack-20220922-p5bk7v.html
|
|
|
|
Location: Latham, ACT
Member since 21 February 2015
Member #: 1705
Postcount: 2167
|
This sort of thing is attempted more then you realise. Why do you think the banks have so many outages.
The optus one even though it was serious was quickly reported.
|
|
|
|
Location: Sydney, NSW
Member since 28 January 2011
Member #: 823
Postcount: 6747
|
|
|
|
|
Location: Sydney, NSW
Member since 28 January 2011
Member #: 823
Postcount: 6747
|
Here we go:
QUOTE: Preliminary investigations by Optus suggest an error by an IT programmer may have inadvertently allowed cyber criminals to steal personal details of potentially millions of customers.
. . .
The process allegedly involved opening up the Optus customer identity database to other systems via what's known as an Application Programming Interface, with the assumption that the API would only be used by authorised company systems.
"Eventually one of the networks it was exposed to was a test network which happened to have internet access."
This allowed access to the Optus network from outside the company.
Management incompetence. This is a 1 billion dollar organisation, not a mum and dad operation. No way that management can escape responsibility for this. As the saying goes: There are no bad troops. There are only bad leaders.
https://www.abc.net.au/news/2022-09-23/optus-hack-likely-result-of-human-error/101468846
|
|
|
|
Administrator
Location: Naremburn, NSW
Member since 15 November 2005
Member #: 1
Postcount: 7373
|
The bottom line is, that regardless of the law and associated penalties, there is no such thing as a hack-proof computer system. Where ever there is a lock, there is a key to open it or someone who knows how to pick the lock. It can be mechanica, electrical or built on computer logic - all locks are the same.
Optus will likely face fines of millions for this, once the investigation is done and dusted. The laws aren't really in place to cover events like this, they were originally intended to cover companies that adopt a completely cavalier approach to IT security. That said, the law does apply equally, regardless of intent. All blue chip companies cop attacks around the clock on their IT systems. It just comes with the territory.
In the case of this site, the registration form doesn't ask for the kinds of details that have been subject to Optus' attack. I've always felt that it would be pointless to request information that I do not need for the running of this site, which means the site doesn't ask for it. Unfortunately, a telephone company doesn't have that luxury and needs to know the usual customer details, often including credit card numbers and proof of age. These, along with real names, are what hackers can sell.
‾‾‾‾‾‾‾‾‾‾‾‾‾‾‾‾‾‾‾‾‾‾‾‾‾‾‾‾‾‾‾‾‾‾‾‾‾‾‾‾‾‾‾‾‾‾‾‾‾‾‾‾‾‾‾‾‾‾‾‾‾‾‾‾‾‾‾‾
A valve a day keeps the transistor away...
|
|
|
|
Location: Sydney, NSW
Member since 28 January 2011
Member #: 823
Postcount: 6747
|
companies that adopt a completely cavalier approach to IT security.
Whenever there's a such screw-up -- in this case apparently opening up the system to outside access -- there's typically a failure to plan for and/or carry out effective risk management, which is one of the key responsibilities of project/security managers. There's simply no excuse for this.
|
|
|
|
Administrator
Location: Naremburn, NSW
Member since 15 November 2005
Member #: 1
Postcount: 7373
|
I've always said that the last job I would ever want is to be an IT manager anywhere, large or small. They wouldn't always get a good night's sleep. The problem is, unless one's staff are really on top of their game at all times, intrusions into systems won't be seen until it is too late and often, a hack doesn't get detected until staff discover an anomaly down the track which means the damage has been done and the dollars made well and truly by then.
‾‾‾‾‾‾‾‾‾‾‾‾‾‾‾‾‾‾‾‾‾‾‾‾‾‾‾‾‾‾‾‾‾‾‾‾‾‾‾‾‾‾‾‾‾‾‾‾‾‾‾‾‾‾‾‾‾‾‾‾‾‾‾‾‾‾‾‾
A valve a day keeps the transistor away...
|
|
|
|
Location: NSW
Member since 10 June 2010
Member #: 681
Postcount: 1291
|
According to an Optus source the reason driver's licence and/or passport details are kept is that it is a regulation to keep them for 6 years. On that basis my licence details should not have been compromised - did not use my passport details. So went in to Optus shop to check up on this and sure enough they did not have my driver's licence details on file.
So that only leaves the name/address/birthdate/phone number details to be concerned about - no small thing. No notification yet but one of my daughters has been notified that these details are compromised for her- so maybe I am OK - fingers crossed.
|
|
|
|
Location: Sydney, NSW
Member since 28 January 2011
Member #: 823
Postcount: 6747
|
|
|
|
|
Location: Silver City WI, US
Member since 10 May 2013
Member #: 1340
Postcount: 977
|
QUOTE: Singaporean-owned
I wouldn't support a foreign owned service provider:
Australia's wealth is being drained overseas.
TPG is also increasingly foreign owned:
wiki/TPG_Telecom#Merger_announcement
|
|
|
|
Location: Latham, ACT
Member since 21 February 2015
Member #: 1705
Postcount: 2167
|
Haa police caught a hacker who grabbed information for 10,000 optus customers off the dark web. He sent messages demanding $2000 be paid into his commonwealth bank account, otherwise he will use their info for criminal activity. How dumb can he be lol.
|
|
|
|
Location: Linton, VIC
Member since 30 December 2016
Member #: 2028
Postcount: 472
|
What is it about a 19 year old criminal who freely gives his bank account details on the net to those he wishes to steal from?
I bet they called him Brain Cell at school (if indeed he did go to school)
|
|
|
|
Location: Sydney, NSW
Member since 28 January 2011
Member #: 823
Postcount: 6747
|
I'd put whoever at Optus let this happen in the same class as 'Brain Cell'.
Heads need to roll over this debacle, starting at the top.
|
|
« Back ·
1 ·
Next »
|
You need to be a member to post comments on this forum.
|