[clug] OT 300,000 Optus customers' information insecure

Bryan Kilgallin bryan at netspeed.com.au
Fri Mar 27 00:52:17 MDT 2015

{In the first incident, Optus mistakenly released the names, addresses 
and mobile phone numbers 
of about 122,000 Optus customers in the White Pages online directory 
without the consent of those customers.

The issue, which occurred due to a "coding error", also resulted in the 
majority of those customers' information also being published in various 
print editions of the White Pages.

The second incident concerned a flaw that left customers vulnerable to 
'spoofing' attacks 
where an unauthorised party could potentially access and use customer 
voicemail accounts messages, including being able to listen to recorded 
messages and change settings and preferences.

The third incident concerned Optus "deliberately" leaving the management 
ports of customer-issued modems open 
incorrectly assuming that they were only accessible by Optus staff for 
network management purposes.

In addition, Optus issued 197,000 Netgear modems and 111,000 Cisco 
modems to its customers with factory default settings, including user 
default names and passwords in place.}



More information about the linux mailing list