Some customers of Optus said they saw incorrect information when they attempted to log into their profiles using the My Account website.
On 13 February, customers of Australia’s second-largest telecommunications company took to Twitter to explain that they were having issues accessing their accounts. One such user explained that the My Account website owned by Optus was operating strangely. He went on to say that he didn’t see his correct customer information when he was ultimately able to access his account.
Yo someone tell @optus some shit is going down with My Account. Page refreshes every 2 seconds and when I managed to click into my account (chrome auto fills my deets) I was Vladimir? Yea i ain’t Vladimir pic.twitter.com/m1h2OMNLdY
— 🎄 Tommy 🎄 (@ShiftyChips) February 14, 2019
Another customer named Daniel Grallelis said on Twitter that something similar had happened to him. As quoted by the Australian Broadcasting Corporation (ABC):
Optus, I just logged into My Account to check my bill, and I was automatically logged in as a different customer — with their name, mobile number and account number in plain view for me to see. This is a massive breach of privacy.
These reports came at around the same time that email filtering provider MailGuard issued a warning about a phishing campaign abusing “a large number” of compromised email accounts hosted on the optusnet.com.au domain. The attack emails asked recipients to open an attachment in order to view an invoice or insurance document. Recipients who clicked on those documents in turn downloaded malware onto their computers.
It’s unclear if that campaign is related to the issues described above.
This isn’t the first time that digital security troubles have befallen the telecommunications company. Back in 2015, Optus agreed to an independent audit of its (Read more...)
*** This is a Security Bloggers Network syndicated blog from The State of Security authored by David Bisson. Read the original post at: https://www.tripwire.com/state-of-security/security-data-protection/optus-customers-saw-incorrect-info-after-logging-into-my-account-site/