Optus Data Breach | PUNT ROAD END | Richmond Tigers Forum
Optus Data Breach

Looks like Oopstarse needs a better security system. Nothing ever gunna be safe when there's potential to access millions of people's personal info all nice n securely stored on the internet.
 
Don't know what Optus's mobile network coverage is like nowadays; it wasn't as good as Telstra's when I enquired about it years ago. With historical passwords, addresses etc. part of the hack, I'm glad I never signed up.
 
Good thread here.


Basically some engineers set up an unauthenticated API on a test network exposed to the internet, so anyone could access it without logging in.

Even more unbelievably, this test network was connected to the production database containing the live customer data that has been stolen.

This setup violates the most basic rules of software and internet security/separation of concerns.

This is so incredibly bad I can't even.
 
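The failure the post above describes (a data endpoint reachable without any login) comes down to an API handler that never checks who is calling. The following is an added example, not code from the thread or from Optus, showing that anti-pattern beside a default-deny router where every route is authenticated unless it is explicitly marked public, so a forgotten check can no longer expose records. The customer records, header names, key id and secret are all constructed for the example.

```python
"""Default-deny authentication for an HTTP API (added example).

The customer table, API key store, header names and secret below are
constructed for illustration; none of it is real data.
"""
import hashlib
import hmac
from dataclasses import dataclass, field

# Constructed sample data standing in for a customer table.
CUSTOMERS = {
    "1001": {"name": "Test Customer A", "dob": "1990-01-01"},
    "1002": {"name": "Test Customer B", "dob": "1985-06-15"},
}

# Constructed API key store: key id -> SHA-256 of the shared secret.
# Only a digest is stored, so a leaked store does not leak the secret.
_API_KEYS = {
    "svc-billing": hashlib.sha256(b"example-secret-do-not-use").hexdigest(),
}


@dataclass
class Request:
    path: str
    headers: dict = field(default_factory=dict)


@dataclass
class Response:
    status: int
    body: object = None


def authenticate(req: Request) -> bool:
    """Return True only if the request carries a known, valid API key."""
    key_id = req.headers.get("X-Api-Key-Id")
    secret = req.headers.get("X-Api-Key")
    if not key_id or not secret or key_id not in _API_KEYS:
        return False
    presented = hashlib.sha256(secret.encode()).hexdigest()
    # Constant-time comparison so the check does not leak via timing.
    return hmac.compare_digest(presented, _API_KEYS[key_id])


def get_customer_unauthenticated(req: Request) -> Response:
    """The anti-pattern: a data handler with no caller check at all.
    Anyone who can reach the network can read any record."""
    cid = req.path.rsplit("/", 1)[-1]
    record = CUSTOMERS.get(cid)
    return Response(200, record) if record else Response(404)


class DefaultDenyRouter:
    """Every registered route requires authentication unless the route
    is explicitly declared public at registration time."""

    def __init__(self):
        self._routes = {}

    def route(self, prefix: str, public: bool = False):
        def register(handler):
            self._routes[prefix] = (handler, public)
            return handler
        return register

    def dispatch(self, req: Request) -> Response:
        for prefix, (handler, public) in self._routes.items():
            if req.path.startswith(prefix):
                if not public and not authenticate(req):
                    return Response(401)
                return handler(req)
        return Response(404)


api = DefaultDenyRouter()


@api.route("/api/customers/")
def get_customer(req: Request) -> Response:
    """Same handler body as above; the router enforces the check."""
    cid = req.path.rsplit("/", 1)[-1]
    record = CUSTOMERS.get(cid)
    return Response(200, record) if record else Response(404)


@api.route("/api/health", public=True)
def health(req: Request) -> Response:
    """A deliberately public route: must be opted in, never the default."""
    return Response(200, "ok")


if __name__ == "__main__":
    anon = Request("/api/customers/1001")
    print("unauthenticated handler:", get_customer_unauthenticated(anon).status)
    print("default-deny router:", api.dispatch(anon).status)
```

Run stand-alone, the unauthenticated handler returns 200 for a request with no credentials while the router returns 401 for the same request. The point of the router is that the secure outcome is what happens when a developer forgets something; the post's second detail, a test network wired to the production database, is a separate control (the test environment should only ever be able to reach test data) that no amount of endpoint hardening substitutes for.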
Might be old, stupid n totally internet inept, but why do any of these mobs need to save all your personal info once they have established your bona fides to set up your account????
Everyone constantly gets told to upgrade their internet security, not just hand out private information etc. etc. etc. Yet mobs like banks, phone companies and utilities companies store the private details of millions of people and are probably constant targets for the hackers, as the value of breaking in would be in the multi millions of $.
"Oops, we're sorry" simply doesn't cut it; with all the info these bastards have stored in their files, thousands upon thousands of fake identities could easily be established.
 
The banks seem particularly jumpy. Got a text this morning, 'unusual activity on your account', for a regular monthly payment.
Just be happy that they're keeping a close eye on your account at the moment ToOheys, even if they are a bit twitchy.
 
Besides f*cking up my monthly payments when going to nbn, everything seems fine on this side. Too many duds at the call centre IMO.
 
Might be old, stupid n totally internet inept, but why do any of these mobs need to save all your personal info once they have established your bona fides to set up your account????
Everyone constantly gets told to upgrade their internet security, not just hand out private information etc. etc. etc. Yet mobs like banks, phone companies and utilities companies store the private details of millions of people and are probably constant targets for the hackers, as the value of breaking in would be in the multi millions of $.
"Oops, we're sorry" simply doesn't cut it; with all the info these bastards have stored in their files, thousands upon thousands of fake identities could easily be established.

Because they need your details for confirmation when you ring in to change/close account. They are legally obliged to keep details for 6 years IIRC.

Without knowing the full details, I can't believe this stuff was all kept in a single, or at least a linked, DB. Looks like the guy who stole the data is selling it on the dark web for $1 million, pretty cheap. If I was Optus I'd be buying it back and hoping it doesn't get resold elsewhere.
 
Besides f*cking up my monthly payments when going to nbn, everything seems fine on this side. Too many duds at the call centre IMO.
Had the same issues a few years back. Curiously, it was resolved in a couple of days once I involved the Ombudsman; prior to that, months of back and forth with no result.
Dumped them soon after.
 
Had the same issues a few years back. Curiously, it was resolved in a couple of days once I involved the Ombudsman; prior to that, months of back and forth with no result.
Dumped them soon after.

Unfortunately, it seems to me that like most large organizations they're totally useless at really looking after their customers/clients.

The communication industry & energy sector are perfect examples of maximising profits whilst doing as little as possible to provide the best possible service for their customers.

I can't tell you how sick I am of hearing the phrase "Your call is important to us. Please stay on the line; a customer service person will be with you as soon as possible".

Meanwhile 20 minutes later you might be lucky to have your call answered.

JUST EMPLOY MORE STAFF YOU MONEY GRABBING B@*&T@RDS
 
Unfortunately, it seems to me that like most large organizations they're totally useless at really looking after their customers/clients.

The communication industry & energy sector are perfect examples of maximising profits whilst doing as little as possible to provide the best possible service for their customers.

I can't tell you how sick I am of hearing the phrase "Your call is important to us. Please stay on the line; a customer service person will be with you as soon as possible".

Meanwhile 20 minutes later you might be lucky to have your call answered.

JUST EMPLOY MORE STAFF YOU MONEY GRABBING B@*&T@RDS
Same here TT. Best way to solve a problem now is to use the online chat, like I did in the end. Lost 90 minutes of calls on my mobile when they told me to 'hold', then decided to use the online chat, which looks like a robot but ended up being quicker.
 
Same here TT. Best way to solve a problem now is to use the online chat, like I did in the end. Lost 90 minutes of calls on my mobile when they told me to 'hold', then decided to use the online chat, which looks like a robot but ended up being quicker.

Yeah, fair comment TF, I'll have to start using that a bit more. Sometimes they can't answer some queries, but I've had some good experiences with it.
 
Good thread here.


Basically some engineers set up an unauthenticated API on a test network exposed to the internet, so anyone could access it without logging in.

Even more unbelievably, this test network was connected to the production database containing the live customer data that has been stolen.

This setup violates the most basic rules of software and internet security/separation of concerns.

This is so incredibly bad I can't even.

It doesn't sound much like a "cyber attack" as they described it to me in yesterday's email, more like they left the doors unlocked for someone to waltz in and pinch a bunch of stuff. Not happy Jan.
 
Because they need your details for confirmation when you ring in to change/close account. They are legally obliged to keep details for 6 years IIRC.

Without knowing the full details, I can't believe this stuff was all kept in a single, or at least a linked, DB. Looks like the guy who stole the data is selling it on the dark web for $1 million, pretty cheap. If I was Optus I'd be buying it back and hoping it doesn't get resold elsewhere.

If they did pay this ransom, how could they guarantee that the data hasn't just been copied, with the thief then asking for more money?
 
Might be old, stupid n totally internet inept, but why do any of these mobs need to save all your personal info once they have established your bona fides to set up your account????
Everyone constantly gets told to upgrade their internet security, not just hand out private information etc. etc. etc. Yet mobs like banks, phone companies and utilities companies store the private details of millions of people and are probably constant targets for the hackers, as the value of breaking in would be in the multi millions of $.
"Oops, we're sorry" simply doesn't cut it; with all the info these bastards have stored in their files, thousands upon thousands of fake identities could easily be established.

For a phone account I see absolutely no reason why they need your passport number or the like; all they need is some level of proof that you will pay the bills. Where I work we do need positive proof of identity, and it does worry me that the scans of passports and the like are not removed later. What they need to do is sight the proof of identity and then tick a box saying it has been sighted. No need to keep this.

DS
 
It doesn't sound much like a "cyber attack" as they described it to me in yesterday's email, more like they left the doors unlocked for someone to waltz in and pinch a bunch of stuff. Not happy Jan.

Exactly so. No hacking involved, doors left wide open.

Apparently the API address was api.optus.com.au
