Telstra bungle exposes private information of 60,000 customers

Just when you thought your information was safe with large companies, a database of 60,000 Telstra bundle customers has been available for anyone to view and download for an undisclosed time frame. Drew explains how this could happen and how Telstra was found out.


The usernames, passwords, home addresses and full names of 60,000 Telstra bundle customers have been available online for anyone with the correct link to download, due to Telstra hosting sensitive data on a private database with no security protocols. While ex-employees of Telstra may have known the link, it was made public on Friday when a user of popular Australian community forum Whirlpool googled his own phone number and stumbled upon the database, which seems to have recently been ‘indexed’ and put onto the map by Google.

Even more troubling is the fact that the same server hosted forms which could have allowed users to administer BigPond email addresses, including transferring them between accounts.

The ‘Telstra bundles request search’ tool was taken down one hour after the security breach hit the mainstream media websites on Friday and BigPond services remained blocked for most users for 24 hours. When access returned for BigPond customers, Bundle plan users’ passwords had been reset.

It beggars belief, but Telstra users were not notified and wouldn’t have known about the problem unless they contacted the help desk or found out about it through media outlets.

Vodafone was hit with a similar privacy breach earlier in the year when it was revealed Vodafone employees were using the same username and password to access customer information online, which meant there were little to no tracking processes in place to prevent misuse of the system.

Will you be considering a change of provider after such a privacy breach?


    13th Dec 2011
    Absolutely unbelievable. I could not access my emails, said I had a problem. So I reset my modem, nothing changed. I was about to phone Telstra about this problem when I noticed on the Big Pond News website a comment made by a user about the site being taken down. There was NOTHING on the Big Pond site at all about this. Yesterday I noticed on the home page they had in bright red about there being a problem. Why did they not do this when the system was taken down? It would have saved them thousands of phone calls just for starters, apart from doing the right thing by their customers. A very sad state of affairs. I am about to change my password to access big pond account services right now.
    13th Dec 2011
    It was no big deal to me. I don't use BigPond email. My email boxes and those of my family are on our own domain name and hosted by a site in the USA. I routinely change my passwords on all sites I log into for either my ISP (BigPond) or my VoIP providers' sites. Get yourself a program called RoboForm and it can generate some really random number passwords for you and manage them too.
    14th Dec 2011
    I cannot believe no one bothered to inform us. Surely all users have a phone contact, so we should have been informed individually and advised how to overcome the problem. My sister's email was reinstated in 48 hours, but 4 days later I was still waiting and only when I rang Telstra did I get information to restore it.
    Very bad form Telstra. If I was not locked into a contract I would be looking elsewhere. I cannot believe that the money you rake in every month wouldn't supply the very best security software.
    14th Dec 2011
    This is not the only problem with TELSTRA security. Two weeks ago, I discovered that my prepaid mobile phone had been hacked and was being used to regularly download internet files. It took many hours over 4 days to get to someone in TELSTRA who was able to disable internet connection on my phone. One TELSTRA 'faults technician' effectively accused me of lying - I must have been doing it myself as it was impossible for anyone else to access my mobile in this way!
    14th Dec 2011
    I rang customer support & as usual spoke to someone in India who advised that there was no problem (or outage, as they call it). After being transferred to 2 other Indians I was finally told that there were in fact problems. Why didn't the first fellow know this?
