• Optus, Australia’s second largest telecommunications company, has been hacked


    #2482750

    https://www.abc.net.au/news/2022-09-27/optus-data-breach-step-by-step-guide-on-protecting-yourself/101476312

    Optus, Australia’s second largest telecommunications company, announced on September 22 that identifying details of up to 9.8 million customers (~40% of Australia’s population) were stolen from their customer database.

    The details, dating back to 2017, include names, birth dates, phone numbers, email addresses, and – for some customers – addresses and driver’s licence or passport numbers…

    The stolen data constitutes an almost complete suite of identity information about a significant number of Australians. Optus states they have notified those affected, but there are plenty of questions remaining…

    Late last week, an anonymous poster on a dark web forum posted a sample of data ostensibly from the breach, with an offer not to sell the data if Optus pays a $US1 million ransom….

    https://www.dailymail.co.uk/news/article-11252779/Optus-cyber-attack-data-hack-simple-security-breach.html

    ..the hacker was able to find the address of the telco’s central computer containing the database of customer records and information.

    The hacker, known as ‘Optushack’, allegedly requested the records and was given access to the information without having to provide authentication or a password. ..

    https://www.optus.com.au/about/media-centre/media-releases/2022/09/optus-notifies-customers-of-cyberattack

    At Optus our priority has been to communicate with customers whose information was compromised because of a cyberattack.

    We are now taking a further step to help reduce the risk of identity theft. Optus is offering the most affected current and former customers whose information was compromised because of a cyberattack, the option to take up a 12-month subscription to Equifax Protect at no cost. Equifax Protect is a credit monitoring and identity protection service that can help reduce the risk of identity theft. No passwords or financial details have been compromised.

    The most affected customers will be receiving direct communications from Optus over the coming days on how to start their subscription at no cost. Please note that no communications from Optus relating to this incident will include any links as we recognise there are criminals who will be using this incident to conduct phishing scams. ..

    https://www.dailymail.co.uk/news/article-11249615/Anthony-Albaneses-security-ministers-cutting-remark-Optus.html

    • This topic was modified 2 months, 1 week ago by Alex5723.
    • #2484476

      Several news outlets have reported that very sensitive customer data was accessed. One can understand that this would be the case when the client database was the attacker’s intended treasure trove. The question that comes to mind…

      Why does an ISP require anything more than your home address, age, phone number, email address and credit card number? It has been reported that some Optus customers have had their passport number, Medicare card number and/or driver’s license number revealed… why does this ISP require this level of personal info to deliver an internet service?

      It’s overkill.

      • #2484803

        Why does an ISP require anything more than your home address, age, phone number, email address and credit card number? It has been reported that some Optus customers have had their passport number, Medicare card number and/or driver’s license number revealed… why does this ISP require this level of personal info to deliver an internet service?

        I completely agree. Age too? Credit card as well??

        ISPs should be regulated and treated in this age similar to what other “Public Utilities” are.

        Here in California, all I had to do to open a cable TV/ISP account was provide my name, address, deposit fees, and wait for the service guy.

        (Granted, this was long ago, 20+ years. I don’t think they even asked for a credit card. But they got swallowed up by a bigger fish, which was swallowed up by an even bigger fish, which went bankrupt and was swallowed up by T/W, which tried to hide the fact by calling its service “Spectrum”. But I digress.)

        Same with the local power and gas; name, address, security deposit. Wait a bit, and it’s done.

        But today, well..they just HAVE to know all of the above plus the color of your bathroom roll, and if your 2nd cousin’s related to King Charles.

        It’s to serve[enslave] you better!

        I have some Aussie friends, and you don’t want to get these people riled up. (It’s hard, nicest blokes and gals on the planet, but this mess? If Optus thinks they’re gonna buy their customers off with monitoring by Equifax [Hah! That bag of idiots!]… Well, mate, to use their own vernacular, they’re gonna make a dog’s breakfast out of that ISP!)

        Win7 Pro SP1 64-bit, Dell Latitude E6330, Intel CORE i5 "Ivy Bridge", 12GB RAM, Group "0Patch", Multiple Air-Gapped backup drives in different locations. Linux Mint Greenhorn
        --
        "Courage isn’t the absence of fear; it's being scared to death and going on anyway. The man who says he's fearless is a fool, and I won't have him in my command.” —Unknown
