Yesterday afternoon reports began to surface on social media about a potential Optus privacy breach.
Customers are complaining that they are being logged into the account of someone named ‘Vladmir’.
Update 1:30pm: It seems there is another breach that has affected pre-paid mobile SIM activation.
According to The Guardian, some customers who try to activate a new SIM are seeing incorrect personal details, including the name, SIM number and address.
Parts of the telco’s website have now been shutdown in order to fix the problem.
The original article can be read below.
Some affected customers have been receiving emails regarding their billing – when the log in they find themselves actually logged in as someone named ‘Vladmir’ before being caught in a page refresh loop.
Yo someone tell @optus some shit is going down with My Account. Page refreshes every 2 seconds and when I managed to click into my account (chrome auto fills my deets) I was Vladimir? Yea i ain’t Vladimir pic.twitter.com/m1h2OMNLdY
— ???? Tommy ???? (@ShiftyChips) February 14, 2019
One customer told the Sydney Morning Herald that they could see the account information for ‘Vladmir’, including the account and mobile numbers.
Hey @Optus I just got an email saying my latest bill is ready. Its $300. It should be less than $100 as my usual plan. I logged into my account and it said "Hi Vladamir". I have a screenshot. What's the go??!
— Sucheta (@sgorolay) February 14, 2019
It’s unclear if this incident is related to reports regarding scam emails with malicious hyperlinks being sent to Optus customers last week.
In the meantime, Optus has disabled the My Account website as a precaution while the telco works on a fix.
“We are currently looking into the issue and if required will firstly contact any customers who may have been affected,” an Optus Spokesperson told the SMH.
If you think you’ve been the victim of a scam, report it to ScamWatch. And always be extremely careful about clicking on hyperlinks in unverified emails.
We’ll let you know when there is a resolution to this issue.