An employee published customer information while training

Jan 3, 2012 08:42 GMT

After a few hundred thousand of their customers were left exposed due to an error on an unsecured and openly accessible webpage in early December, Telstra goofed up again, publishing a spreadsheet containing details on around 1,500 of their customers.

According to MusicFeeds, emails and ticket details of BigPond clients were posted online for anyone to access by a consultant who was using the document for coaching purposes.

“Obviously our customers’ privacy is paramount and the site was disabled within an hour of Telstra being made aware of it. Access to the tool for staff has also been disabled.

“The spreadsheet contained around 1500 BigPond email addresses, some postal addresses and telephone numbers; at this stage we have no reason to believe it contained passwords or credit/financial information,” the company said in a statement.

“We believe it was a spreadsheet put up by a consultant to use in training/coaching and was not malicious in intent. Telstra will inform the Privacy Commissioner, the TIO and the ACMA. Additionally we will contact all customers whose details appeared on the site.”

While it’s fortunate that financial information was not contained in the shared file, smart cybercriminals could rely on even the smallest details to launch a malicious operation.

For a regular person, knowing that someone can’t connect to their online account may not be a big deal, but for someone with bad intentions, this could be the perfect opportunity to start a social engineering plot and make the victim provide other, more sensitive details.

On the other hand, customers are complaining that they weren’t contacted after the data breach, and they’re becoming anxious since they believe that the data posted online can be used to reset their passwords, the Sydney Morning Herald reports.

Telstra representatives state that affected clients are being contacted progressively as they work through the data contained in the spreadsheet, but they don’t believe that customers’ passwords should be reset.