Threat Watch

“My Account” Site for Optus Pulled Down Due to Suspicious Activity

Optus, Australia’s second largest telecommunications company received a number of complaints from their customers about being able to view other user’s personal info while trying to access their own account. Other customers complained about getting alleged phishing emails coming from Optus that contained a malicious invoice PDF, with one customer stating her reoccurring bill is $100 but the statement she had received said she owed $300. A separate customer was able to see personal information of another customer that included their name, phone number, and account number. After being flooded with messages from concerned users, Optus began investigations pertaining to these instances. For a short period of time, the site was shut down to prevent the issues from continuing until more information was known. Hours after the announcement, the site was back and Optus released a statement saying they were working with third party vendors to try to discover the cause of the suspicious activity.

 

Subscribe to Threat Watch

Daily summaries of threats, delivered straight to your inbox!


Click Here to Subscribe to Threat Watch

ANALYST NOTES

Since the root cause of this incident is not yet known, users are advised to change their login information as soon as possible. 2FA should also been enabled to add an extra layer of security until a direct mitigation plan is released by Optus.

Facebook Twitter Instagram Youtube Linkedin
Solutions
Become a Reseller

Industries

Resources

About

Contact Us
Contact Support