SoylentNews is people

posted by janrinok on Saturday September 24 2022, @06:34PM
from the privacy-is-like-virginity dept.

In September 2022 private data for around 9 million Optus users was stolen.

In response, the CEO of Optus Australia has offered an emotional apology after customers raged about the hack online. A statement from Optus said that information which may have been exposed includes customers' names, dates of birth, phone numbers, email addresses, and, for a subset of customers, addresses and ID document numbers such as driver's licence or passport numbers.

It is thought that 2.8 million people had all of their details taken, while information for around 7 million people, including DOB, email address, and phone numbers, was stolen. Optus is "very sorry" and knows that "customers will be concerned". Optus has said its services were not affected in the breach and remain safe to use, with messages and voice calls not compromised.

Customers have taken to social media to say that the telco had not yet contacted them to make them aware of the breach.

Nothing to worry about. Just another online day in Australia.


This discussion was created by janrinok (52) for logged-in users only, but now has been archived. No new comments can be posted.
The Fine Print: The following comments are owned by whoever posted them. We are not responsible for them in any way.
  • (Score: 5, Informative) by deimtee on Sunday September 25 2022, @04:50AM (10 children)

    by deimtee (3272) on Sunday September 25 2022, @04:50AM (#1273514) Journal

    Yep. Every phone is tied to a certified ID. No such thing as a "burner" phone in AU.

    --
    No problem is insoluble, but at Ksp = 2.943×10⁻²⁵ Mercury Sulphide comes close.
  • (Score: 5, Insightful) by driverless on Sunday September 25 2022, @01:08PM

    by driverless (4770) on Sunday September 25 2022, @01:08PM (#1273557)

    Isn't it wonderful what all this extra security they've added around phones has achieved?

    Oh, sorry, read it too fast, it says "security theatre". My bad.

  • (Score: 2) by Mykl on Sunday September 25 2022, @10:52PM (8 children)

    by Mykl (1112) on Sunday September 25 2022, @10:52PM (#1273650)

    Having all of this data breached is a very bad thing, but I do like the absence of burner phones in Australia (not that people can't still spoof numbers - hopefully we get the Telcos to come to the party on that one soon).

    I can understand the need for proper identification against a phone number when it comes to Financial Crime, as virtually all of our services these days use a phone number to text 2FA, verify account details, provide password resets etc.

    • (Score: 2) by deimtee on Monday September 26 2022, @02:50AM

      by deimtee (3272) on Monday September 26 2022, @02:50AM (#1273675) Journal

      I don't mind the certifying part, but there is no need for them to keep the copies they do. A simple boolean in a database that says DL sighted, BC sighted, etc. is all that is needed. They should not be allowed to keep copies of any of it past the need for verification.

      --
      No problem is insoluble, but at Ksp = 2.943×10⁻²⁵ Mercury Sulphide comes close.
    • (Score: 2) by RS3 on Tuesday September 27 2022, @12:17AM (6 children)

      by RS3 (6367) on Tuesday September 27 2022, @12:17AM (#1273792)

      "I can understand the need for proper identification against a phone number when it comes to Financial Crime, as virtually all of our services these days use a phone number to text 2FA, verify account details, provide password resets etc."

      I'm very saddened to hear this. I consider phones, especially cell, and phone numbers to be fundamentally and extremely insecure. Sending any kind of sensitive information to a phone number is lunacy IMHO, for many reasons, including that a phone number could be incorrect, so who knows who will get your critically important info. But the people setting this up and using it don't care, and evidently don't have to care.

      • (Score: 2) by Mykl on Tuesday September 27 2022, @01:11AM (5 children)

        by Mykl (1112) on Tuesday September 27 2022, @01:11AM (#1273795)

        I didn't say that it was a good thing that phones are used so centrally for this, but it is what it is. Given that's the case, we need to come up with ways to minimise the many, many dangers that they pose.

        • (Score: 2) by RS3 on Tuesday September 27 2022, @01:48AM (4 children)

          by RS3 (6367) on Tuesday September 27 2022, @01:48AM (#1273799)

          Well sure, and I never said you said it was a good thing. I'm referring to the govt. laws and policies. I assume you're not in Aus govt.?

          So firstly, I'm concerned about the root cause- how did this happen in the first place (that someone things phones are secure)?

          Secondly, the only thought I have is for experts to be consulted by govt. officials, and the laws and policies based on reality (that phones and numbers are _not_ secure).

          What are your thoughts, ideas?

          • (Score: 2) by RS3 on Tuesday September 27 2022, @01:51AM

            by RS3 (6367) on Tuesday September 27 2022, @01:51AM (#1273800)

            "things" should be "thinks"

          • (Score: 2) by Mykl on Tuesday September 27 2022, @05:32AM

            by Mykl (1112) on Tuesday September 27 2022, @05:32AM (#1273810)

            It sounds really archaic, but a lot of fraud for _big_ things (change of property title, sale of large shareholdings) could be avoided by no longer allowing these transactions to be online-only.

            For most people, a property purchase is a once-in-a-lifetime event. Requiring someone to show up in person to sign the papers (along with ID etc) would massively reduce the threat of fraud while creating a relatively minor inconvenience for many (who would probably be more than happy about it when told that it reduces the chance that they will be swindled out of their life savings down the track).

            Should I need to physically turn up to a Telco store in order to obtain a phone number? Maybe! This can be mitigated for business accounts by allocating a range of numbers at one time, so that the poor peon in IT isn't making daily trips to the store.

            This will obviously have more of an impact on some people (e.g. remote and rural residents, shift workers etc), but it would be safer than what we have today.

          • (Score: 3, Insightful) by deimtee on Wednesday September 28 2022, @03:25PM (1 child)

            by deimtee (3272) on Wednesday September 28 2022, @03:25PM (#1274040) Journal

            They think mobile phones sort of carried on from landline phones. Landlines in AU were pretty secure. One network and each phone physically tied to a single address. When mobiles started being introduced they tried to keep that security. To get a mobile you had to show up with proof of ID and the phone was tied to the name and address on that ID.

            --
            No problem is insoluble, but at Ksp = 2.943×10⁻²⁵ Mercury Sulphide comes close.
            • (Score: 2) by RS3 on Wednesday September 28 2022, @04:54PM

              by RS3 (6367) on Wednesday September 28 2022, @04:54PM (#1274057)

              Yes, you're on to what I'm seeing- legacy landline concepts being applied to cell phones.

              Notice I wrote "legacy"- old copper-based stuff would be almost impossible to hack, and there'd be pretty much no point. Well, I suppose one could voice call and give a password / security code verbally, but even then you can't be sure of who answers the phone. Could be a robber / kidnapper who has the homeowner literally tied up and is trying to clean out their bank accounts.

              If hackers (and I hate using that term that way) can get into govt. networks and systems worldwide, there's no way cell networks are somehow magically immune.

              I wish I understood the mechanisms (people making very poor decisions) in place that decide to use cell phone numbers as a secure way to identify and communicate sensitive information. Lunacy. Somehow these decisions are being made without consulting actual tech experts. And like too many things in society, everyone else does it because it's the current fad. Lunacy.