SoylentNews is people

posted by janrinok on Saturday September 24 2022, @06:34PM
from the privacy-is-like-virginity dept.

In September 2022 private data for around 9 million Optus users was stolen.

In response, the CEO of Optus Australia has offered an emotional apology after customers raged about the hack online. A statement from Optus said that information which may have been exposed includes customers' names, dates of birth, phone numbers, email addresses, and, for a subset of customers, addresses and ID document numbers such as driver's licence or passport numbers.

It is thought that 2.8 million people had all of their details taken, while information for around 7 million people, including DOB, email address, and phone numbers, was stolen. Optus is "very sorry" and knows that "customers will be concerned". Optus has said its services were not affected in the breach and remain safe to use, with messages and voice calls not compromised.

Customers have taken to social media to say that the telco had not yet contacted them to make them aware of the breach.

Nothing to worry about. Just another online day in Australia.


This discussion was created by janrinok (52) for logged-in users only, but now has been archived. No new comments can be posted.
  • (Score: 5, Insightful) by Joe Desertrat on Saturday September 24 2022, @11:58PM (2 children)

    by Joe Desertrat (2454) on Saturday September 24 2022, @11:58PM (#1273490)

    In the name of "security", they will make it harder for customers to use their accounts, adding extra login steps, requiring information like phone numbers, etc., while doing next to nothing about the actual security holes that allowed the breach. I'm sure the hackers didn't crack the passwords of nine million users to accomplish what they did.

  • (Score: 3, Informative) by c0lo on Monday September 26 2022, @09:45AM

    by c0lo (156) on Monday September 26 2022, @09:45AM (#1273701) Journal

    I'm sure the hackers didn't crack the passwords of nine million users to accomplish what they did.

    Nobody is talking about cracking a password or something.
    Even more than that, it may be about negligence to secure an API at all [abc.net.au]

    "[They] wanted to make integrating systems easier, to satisfy two-factor authentication regulations from the industry watchdog, the Australian Communications and Media Authority (ACMA)."

    The process allegedly involved opening up the Optus customer identity database to other systems via what's known as an Application Programming Interface, with the assumption that the API would only be used by authorised company systems.

    "Eventually one of the networks it was exposed to was a test network which happened to have internet access."
    ...
    Optus told the ABC suggestions the attack stemmed from any form of human error were completely inaccurate but insisted the "sophisticated" incident was still under investigation.

    Earlier on Friday, the ABC put specific questions to Optus CEO Kelly Bayer Rosmarin about whether human error involving the company's API was behind the breach.

    "I know people are hungry for details about the exact specificity of how this attack could occur, but it is the subject of criminal proceedings and so we will not be divulging details about that," Ms Bayer Rosmarin told an online media briefing.

    --
    https://www.youtube.com/watch?v=aoFiw2jMy-0
  • (Score: 0) by Anonymous Coward on Tuesday September 27 2022, @02:07AM

    by Anonymous Coward on Tuesday September 27 2022, @02:07AM (#1273802)

    They already do this. Many other places also. It is getting to the point where you cannot function in society without a number. I have tried this to see how far you can get. Many places online require a phone number