Forum Topics Optus cyber attack - not just about Optus
Seasoning
Added 3 years ago

Apparently, Optus has history of fighting against changes to the privacy act as recent as January.

It does make me wonder if this will be the catalyst for the government to introduce EU style GDPR laws.

8
Nnyck777
Added 3 years ago

f7650e7d3d9f959bbe3a54d04d9e1d9c94b0fe.pngI thought this tweet was gold. The ransom amount of $1 million dollars sounds like a couple of teens are in charge.

https://twitter.com/theshovel/status/1574564027199782913?s=46&t=t9H4St8cnHdcQxSAk3bk_A

16
Bryce
Added 3 years ago

"Your password hasn't been compromised" Who cares. I'm more worried about every other single bit of data available for ID fraud (especially online loans/other scams) thats been compromised. They don't care about Optus passwords, they'd only be going for the data they have anyway.

Same thing happened to Sony/playstation back in the day.. I wasn't on any of their platforms so I don't know how it turned out(?).

With my cynical hat on, theres no way a big company is going to delete my data as soon as I've left them.. They would hold on/use/say they have it to other providers for $$ for as long as possible. I haven't been with them for years and still got an email from them, which kinda proves that point, intentions aside.

Cyber crime is a future proof industry - Wonder how HACK is going to react lol.


18
slymeat
Added 3 years ago

News is out about a cyber attack on Optus releasing private details (including passwords) of many customers.. This is concerning, not only from the attack point of view, but from the point of how unsecure our data is that we entrust with companies.

On TV just now I heard a politician (Graham Swan - or is he an ex-politician?) state “This just goes to show that we need strong passwords.” Oh what a load of uninformed dribble. He must have heard that term somewhere and thought it was something smart to say. 

I agree that strong passwords, and better still, two factor authentication, help secure our access to things, but strong passwords have nothing to do with breaches like this one involving Optus when companies store our details in plain text and insecurely. The hackers will simply get our “strong” passwords and then they aren‘t that strong any more.

There is absolutely no reason for any company to store a password in plain text—as seems to be the case in this instance. And on top of that, I would expect ALL stored personal data to be encrypted at the very least.

With such lacklustre measures to secure our private details—something that is so basic and so simple to do—I lose faith in EVERYTHING else the company does.

And in this instance, being Optus, a telecommunications company that knows so much about security, and is a technology company on top of that, the problem is even worse. They SHOULD know better.

32
Timocracy
Added 3 years ago

I will be interested to hear more on exactly what the data breach included. Surely the Optus network wouldn't have access to say the encrypted passwords stored on an iCloud Keychain through an iPhone etc?


4
Timocracy
Added 3 years ago

@Seasoning if it's any solace (not)

I tried to port my number from Optus to Virgin mobile about 6 years ago because they wouldn't give me a better deal and was all the same network anyway.

For some reason, the number couldn't be ported so I started with a new ## and had that plan with Virgin for about 2.5 years until they ceased operations in Australia. So I was put back on a now "cheaper" Optus plan...where I wanted to be in the first place. Lol.


Anyway, about 6 months into that new plan I get a letter from a debt recovery agency (after three house moves, too!) saying I owe over $600 for a year's worth of unpaid Optus bills. Said they tried to contact by phone, to the old number. Useless.


Was an absolute nightmare. Eventually had to cough up the $600 to get the DR people off my back but I was fuming at the hopelessness of Optus.

14
Dominator
Added 3 years ago

In case anyone else has issues with a telco they can't get fixed. When I have had issues with a telco I've gone straight to the telco ombudsman and the problem was sorted in my favour pretty quickly.

The size of this cyber breach is significant. A substantial portion of the Australian adult population has had their most important data released to criminals that can use this information to defraud the victims and financial institutions. I was recently chatting to a victim of identity theft; it was an extremely stressful period of their life. Imagine having to lock every bank account and digital part of your life, then the time and effort to pay basics of life such as your electricity bill. Luckily for them they had a boss that was able to pay them in cash to help them out throughout the period. The extent of the fraud was around 500k worth of credit cards and other financial applications/loans using about 20 different institutions. The critical piece of information... Their driver's licence had been scanned and that data used as the verification factor.

I was previously an Optus customer. I hope they have deleted my information... While Optus is a victim and it is impossible that a company can prevent every possible cyber-attack, at their size there needs to be consequences if every reasonable step wasn't taken to ensure a data breach didn't occur.

24