Readit News
tonteldoos commented on 9M Australians affected by Optus data breach   optus.com.au/about/media-... · Posted by u/tonteldoos
kdtsh · 3 years ago
Absolutely, and you can bet this is going to happen once this dataset is sold off.
tonteldoos · 3 years ago
Luckily (buried at the bottom of their announcement), at least for the moment SIM swaps, ports, etc. are in-person, in-store with physical ID only.
tonteldoos commented on 9M Australians affected by Optus data breach   optus.com.au/about/media-... · Posted by u/tonteldoos
exodust · 3 years ago
> scenarios of what could happen

What could happen?

In my case the home address is old, not my current one, so I dodged a bullet there. That leaves name, DOB and driver's license number. How can those 3 things alone be used?

Email and phone were taken, but nobody can use those if verification is needed. And I can easily change those details in the various places they are used.

I'm quietly confident that because my home address is my old address, and therefore not associated with my driver's license, I'm in better shape than millions of others in this breach.

I'm still angry about it! The email from Optus was tone deaf. They worded it like they are the victims, downplayed the importance, and even ended with "warm regards".

tonteldoos · 3 years ago
My main concern is that, with ID, it becomes possible to do a SIM swap or number port, which would be the start of a heap of nightmares. Luckily, buried at the bottom of Optus' announcement, they mention that (for the moment) those can now only be done in person, in-store, with physical ID.

For the other stuff (address, name, DoB)... what are the things nearly everyone asks when you ring to make account changes, to verify you are you...

I'd be careful with the home address too (although you should be ok). I moved around a bit a few years ago, and lost track of where I'd updated my address. It was usually as simple as 'I think my most recent address with you is X, can you please update it to Y', and as long as the other stuff checked out, no questions were asked.

And yeah, I had to laugh about that press release :/

Still no email this side. No news is good news, right?

tonteldoos commented on 9M Australians affected by Optus data breach   optus.com.au/about/media-... · Posted by u/tonteldoos
exodust · 3 years ago
Yep, my details were part of the breach unfortunately. I hate Optus now more than ever.

I left them 2 years ago but they keep my details in a database accessible to the internet? Why? Details leaked are name, email, phone, DOB, home address, driver's license number.

About 4 years ago I emailed them complaining that their marketing team were using my date of birth to send me "birthday deals" on my birthday. Something I never opted in for. I found it creepy because the only reason they knew my DOB was from a sign-up security verification process. So back then they were sharing security details from customer signups to their marketing team for use in promotional material. No respect or care for users' data.

I wonder if a class action can be brought against Optus.

tonteldoos · 3 years ago
Ah man, I'm sorry to hear that. No emails here yet, but not to say I'm not in the category one down yet (which is only slightly less bad).

I'm starting to worry about the general public's understanding of the ramifications of this. When it first broke, I was pretty upset, and my partner (well educated, and with me long enough to understand some things about breaches) thought my concerns and anger at Optus were excessive. It's only after I explained to her in some detail a few scenarios of what could happen with the information, that she asked questions about what we should be doing.

I think we'll be seeing fallout from this for years to come.

tonteldoos commented on 9M Australians affected by Optus data breach   optus.com.au/about/media-... · Posted by u/tonteldoos
exodust · 3 years ago
I doubt from 2 years ago. They probably said that to cover those who recently left. I guess we'll see. Not sure if they are notifying people or there's any way to check?
tonteldoos · 3 years ago
Based on one newer article I've seen, leaked data dates back to 2017, so...

No idea how accurate this is just yet though.

They claim to have started notifying people today (Saturday), with customers with the most info leaked being prioritised. Supposedly if you've had ID information stolen, you'll know today. Fingers crossed.

tonteldoos commented on 9M Australians affected by Optus data breach   optus.com.au/about/media-... · Posted by u/tonteldoos
sofixa · 3 years ago
You can't make an account with the number or a scan of an ID document (at least here in the EU, but I doubt it'd be much different down under). The real thing is required, or in the case of neobanks, multiple photos at specific angles + selfie from their app.
tonteldoos · 3 years ago
All it takes to register a new number here are your details including name, DoB, physical address (all the complete ones leaked), the type of ID used (passport, driver's license) and the number on that ID. You can do it in about 5 minutes online, and the number is then active (but not before).

Not even a copy of the document is required, and it doesn't have to be sighted by anyone. From memory, you don't even have to supply the expiry date on the document (and driver's license numbers remain static).

One of the first things I see happening is criminals using this to obtain burner numbers not traceable to them.

tonteldoos commented on 9M Australians affected by Optus data breach   optus.com.au/about/media-... · Posted by u/tonteldoos
kdtsh · 3 years ago
Great.

My coworker got hit by massive targeted identity theft which started with their SIM, provided by Optus. The attackers were able to successfully port my coworker’s Optus number and then hacked their Optus email which had everything in it. It took them months to undo the damage, and more trouble was always around the corner usually while they were sleeping or the service being hit didn’t have support staff online. Do Optus even have any security checks at all for preventing fraud?

Lessons: if the service doesn’t support MFA, don’t use it; don’t put all your service eggs in one basket; don’t assume that your phone number is safe, and act accordingly.

Optus needs to pay for this and I don’t just mean dollars. Comfortable people with responsibilities they failed to keep need to see gaol time, or at the very least lose their jobs and not be allowed to walk back into the revolving door for a long time. This is outrageous.

tonteldoos · 3 years ago
This just twigged something for me - there is now enough information available to easily do number ports, giving someone else control of the number used for MFA. Anything that relies on your number to verify account actions, transactions, etc. is now at risk.
tonteldoos commented on 9M Australians affected by Optus data breach   optus.com.au/about/media-... · Posted by u/tonteldoos
top_post · 3 years ago
"Payment detail and account passwords have not been compromised."

No, just your identity is. If you're Australian, you or someone you know will be in this. What a total fuck up.

tonteldoos · 3 years ago
And why, oh why, are past customers in there. I'm a current one, but even 'not being with them' doesn't necessarily exclude you from this.
tonteldoos commented on 9M Australians affected by Optus data breach   optus.com.au/about/media-... · Posted by u/tonteldoos
tonteldoos · 3 years ago
OP here.

Some more information here (not my preferred source, but oh well): https://www.news.com.au/technology/online/hacking/up-to-9-mi...

It seems around 2.8m have had 'all' data stolen (including ID, address, etc), and around 7m 'just' names, DoB and numbers/e-mail addresses.

Apparently Optus is working on sending personalised details to customers.

What a monumental stuff up.

tonteldoos commented on Toyota 'reviewing' key fob remote start subscription plan after blowback   thedrive.com/news/43636/t... · Posted by u/tech_timc
perryizgr8 · 4 years ago
> It's a stick shift so remote start is pointless since someone has to press the clutch in.

I have driven stick shift cars my whole life, and never encountered one where I had to press in the clutch to start the engine.

tonteldoos · 4 years ago
Unless you park uphill/downhill, and leave it in first as an added safety measure with the parking brake...

u/tonteldoos

Karma: 2736 · Cake day: February 15, 2012
About
http://flintbox.me hnchat:cOKKteiQb7Xun2lb5xWt