More on the Telstra stuff up…
Word is emails are flowing again, which is good… as for the rest of this sorry tale…
More information is flowing in about what was exposed:
“detailed information outlining the customer's account number, what broadband plan they're on, what other Telstra services they're signed up to and notes associated with the customers' accounts including in many cases their usernames and passwords”
“details about technician visits, SMS messages sent to private mobile numbers and credit check details”
“At about 4.45pm AEDST, about an hour after Telstra was notified of the breach by this website, customer details were still accessible. At about 5pm AEDST the site presented internet users with "Access Denied".”
The source article also reveals that Telstra are a customer of Pure Hacking, a company that claims it has “the expertise needed to keep the wrong people from getting to the sensitive places in your computing infrastructure” – seems to me they missed something pretty damned basic here (assuming that Telstra purchased a service that should have picked up such a glaring deficiency). Who knows, maybe Pure Hacking were only undertaking penetration testing and intrusion detection and prevention, which could, I guess, miss a “served-on-a-platter-all-you-can-eat-no-hacking-needed” incident like the Telstra one.
Ty Miller has a blog on the purehacking.com website, which I shall be watching with interest:
Photo source: Michael Lee/ZDNet Australia via http://www.zdnet.com.au/telstra-exposes-customer-information-339327696.htm – original url: http://cdn.cbsi.com.au/story_media/339327696/bundlefail_1.jpg