‘Not highly sophisticated’: Coding error behind Optus data breach for 9.5 million Australians, ACMA alleges

Australia’s telecommunications watchdog has alleged Optus could have fixed a simple coding error four years before hackers were able to steal personal details of millions of customers.

In a claim published by the Federal Court on Wednesday, the Australian Telecommunications and Media Authority (ACMA) outlined how it alleged the September 2022 cyber attack took place and the failures of Optus to notice or fix the vulnerability.

About 9.5 million current and former customers were caught up in the breach, with personal information including names, dates of birth, phone numbers and email addresses exposed over three days.

The personal details of about 10,200 people were subsequently published on the dark web.

The telecommunications and media authority alleges the hackers exploited the error in a simple process. NewsWire / Damian Shaw Credit: News Corp Australia

The ACMA, which launched legal action against Optus in May this year, alleges a coding error in September 2018 left a dormant web API vulnerable when it became internet accessible in June 2020.

It’s alleged Optus identified its main website was vulnerable and fixed the error in August the following year, but did not notice the same issue affected the second system.

“The target domain was permitted to sit dormant and vulnerable to attack for two years and was not decommissioned despite the lack of any need for it,” the filing reads.

“The cyber attack was not highly sophisticated or one that required advanced skills … it was carried out through a simple process of trial and error.”

Current and former customer data was exposed until 3.45am on September 20, 2020. NCA NewsWire / Christian Gilles Credit: News Corp Australia

The Authority alleges Optus had the opportunity to identify the coding error at several stages in the four years before the breach.

The ACMA is seeking penalties, alleging Optus breached the Telecommunications Act at least 3.6 million times — the estimated number of active Optus subscribers at the time.

If proven, each breach carries a penalty of up to $250,000, resulting in a theoretical maximum of $900 million.

Optus has previously declared its intent to defend the proceedings, saying it had previously apologised to customers and reimbursed the cost of new identity documents.

The case will next return before Justice Jonathan Beach in September for a case management hearing.
