[clug] OT 300,000 Optus customers' information insecure

Bryan Kilgallin bryan at netspeed.com.au
Fri Mar 27 00:52:17 MDT 2015


{In the first incident, Optus mistakenly released the names, addresses 
and mobile phone numbers 
<http://www.canberratimes.com.au/digital-life/mobiles/optus-exposes-customers-silent-listings-20140613-zs7id.html> 
of about 122,000 Optus customers in the White Pages online directory 
without the consent of those customers.

The issue, which occurred due to a "coding error", also resulted in the 
majority of those customers' information also being published in various 
print editions of the White Pages.

The second incident concerned a flaw that left customers vulnerable to 
'spoofing' attacks 
<http://www.canberratimes.com.au/it-pro/security-it/optus-left-customers-mobile-voicemail-accounts-exposed-20140517-zraz7.html>, 
where an unauthorised party could potentially access and use customer 
voicemail accounts messages, including being able to listen to recorded 
messages and change settings and preferences.

The third incident concerned Optus "deliberately" leaving the management 
ports of customer-issued modems open 
<http://www.canberratimes.com.au/it-pro/security-it/default-password-leaves-tens-of-thousands-of-optus-cable-subscribers-at-risk-20140403-zqprz.html>, 
incorrectly assuming that they were only accessible by Optus staff for 
network management purposes.

In addition, Optus issued 197,000 Netgear modems and 111,000 Cisco 
modems to its customers with factory default settings, including user 
default names and passwords in place.}

http://www.canberratimes.com.au/it-pro/security-it/optus-admits-failure-in-not-identifying-three-big-security-incidents-20150327-1m98z1.html

-- 
www.netspeed.com.au/bryan/


