Telstra Leaves BigPond User Details Exposed


On Friday, an unsecured search page left account information for Telstra users completely accessible to anyone who cared to look. The breach was discovered by a Whirlpool user, who came across it simply by searching Google for a “Bundles” support number provided to him by a customer service representative.

Telstra was quick to shut the page down, along with its email network, which was shuttered for close to 24 hours, according to reports.

While it was active — and at this stage no one is sure how long the page was unsecured for — it was possible to search for customer names, plan details and usernames, comments on specific users and even passwords.

The leak was first identified — almost by accident — in this post on the Whirlpool forums, but it has since spawned its own discussion thread.

The Australian reported that credit card details were also available, but was unable to confirm it, while SMH is saying that credit card data was not only encrypted, but not displayed. Hopefully we’ll have clarification on this point in the near future.

A story regarding the incident in the Sydney Morning Herald states that Telstra is investigating the issue and will make the Privacy Commissioner aware of the details. If the Commissioner’s views on the Sony data breach from earlier this year are anything to go by, Telstra had best do it sooner rather than later.

It appears some 60,000 account passwords were reset, but I’m sure we’ve yet to find out the full ramifications of the breach. Let us know if your password was reset, or Telstra has been in contact personally regarding the breach.

[SMH, with The Australian and Herald Sun]

[Thanks to everyone who sent in tips]

