[clug] OT 300,000 Optus customers' information insecure
Bryan Kilgallin
bryan at netspeed.com.au
Fri Mar 27 00:52:17 MDT 2015
{In the first incident, Optus mistakenly released the names, addresses
and mobile phone numbers
<http://www.canberratimes.com.au/digital-life/mobiles/optus-exposes-customers-silent-listings-20140613-zs7id.html>
of about 122,000 Optus customers in the White Pages online directory
without the consent of those customers.

The issue, which occurred due to a "coding error", also resulted in the
majority of those customers' information also being published in various
print editions of the White Pages.

The second incident concerned a flaw that left customers vulnerable to
'spoofing' attacks
<http://www.canberratimes.com.au/it-pro/security-it/optus-left-customers-mobile-voicemail-accounts-exposed-20140517-zraz7.html>,
where an unauthorised party could potentially access and use customer
voicemail accounts messages, including being able to listen to recorded
messages and change settings and preferences.

The third incident concerned Optus "deliberately" leaving the management
ports of customer-issued modems open
<http://www.canberratimes.com.au/it-pro/security-it/default-password-leaves-tens-of-thousands-of-optus-cable-subscribers-at-risk-20140403-zqprz.html>,
incorrectly assuming that they were only accessible by Optus staff for
network management purposes.

In addition, Optus issued 197,000 Netgear modems and 111,000 Cisco
modems to its customers with factory default settings, including user
default names and passwords in place.}
http://www.canberratimes.com.au/it-pro/security-it/optus-admits-failure-in-not-identifying-three-big-security-incidents-20150327-1m98z1.html
--
www.netspeed.com.au/bryan/