Telstra resets 60k passwords after privacy gaffe

Powered by SC Magazine
 

Accounts indexed by Google.

Telstra has reset some 60,000 customer passwords after accounts were exposed forcing services to be quickly shutdown.

Telstra webmail and online billing services were offline over the weekend after a user of telco forum Whirlpool disclosed on Friday that Telstra customer information including passwords, usernames, phone numbers and addresses were indexed by Google.

Reports claimed the gaffe potentially affected up to a million customer accounts, however Telstra had reset passwords for 60,000 accounts.

Telstra disabled BigPond self-care, online billing and the My Account functions at 5pm Friday, an hour after the hole was publicly disclosed.

The offending web pages appeared to be entries in a system hosted by Oracle-owned SaaS vendor RightNow, presumably for use by Telstra contact centre staff.

Within hours of the Whirlpool posting, journalists at the Sydney Morning Herald had reported the breach, before Telstra has been given the opportunity to resolve the issue.

Services have now been restored.

"Rest assured, a full investigation is underway so we can put in place measures to stop this happening again," said Peter Jamieson, Telstra's executive director of customer service on the company’s blog on Saturday.

Telstra’s contact centre agents were unable to handle the volume of calls from customers concerned their details had been exposed.

“Unfortunately we are experiencing delays in answering calls due to high call volumes at the moment. We sincerely apologise if we do keep you waiting and will get through to you as soon as soon as we can,” said Danielle Horan, head of online and social media at Telstra.

The company closed down any comment on its social media site but promised comments would be published today.

Telstra representatives responding to inquiries on Twitter ambitiously offered for the company to contact all impacted customers “early in the week to discuss further".

- With Darren Pauli

Copyright © iTnews.com.au . All rights reserved.


Telstra resets 60k passwords after privacy gaffe
 
 
 
Top Stories
Beyond ACORN: Cracking the infosec skills nut
[Blog post] Could the Government's cybercrime focus be a catalyst for change?
 
The iTnews Benchmark Awards
Meet the best of the best.
 
Telstra hands over copper, HFC in new $11bn NBN deal
Value of 2011 deal remains intact.
 
 
Sign up to receive iTnews email bulletins
   FOLLOW US...
Latest Comments
Polls
Who do you trust most to protect your private data?







   |   View results
Your bank
  39%
 
Your insurance company
  3%
 
A technology company (Google, Facebook et al)
  8%
 
Your telco, ISP or utility
  7%
 
A retailer (Coles, Woolworths et al)
  2%
 
A Federal Government agency (ATO, Centrelink etc)
  20%
 
An Australian law enforcement agency (AFP, ASIO et al)
  14%
 
A State Government agency (Health dept, etc)
  6%
TOTAL VOTES: 1790

Vote
Do you support the abolition of the Office of the Information Commissioner?