Detailed information about Telstra's customer accounts - including usernames and passwords - has been found to be sitting on the open web for anyone to access via a Google search. ~ Sydney Morning Herald
Inexcusable. No database should be storing passwords as plaintext. If people forget their passwords, they should be reset.
No doubt we'll read a press release saying they've learned a lot from their mistake, and have changed their system. Here's hoping they do learn from it, and implement some basic security protocols. They can start by ditching their revised coloured logos and going back to their retro orange one. It looks more serious, and classy.
Their old logo looks like Cadbury's glass and a half.
Hey yeah, it does! I wouldn't mind an orange zest Cadbury chocolate bar right about now.
Never mind storing customer details in plain text. The real WTF is why it was publicly accessible in a neat little form. I'm surprised it wasn't discovered sooner.
According to The Australian, the Federal Privacy Commissioner is not happy, and as a (very reluctant) Telstra customer, neither am I.
Also, the My BigPond site (where all the account management tools are) seems to be inaccessible, so I guess I won't be changing my password any time soon.
Good point. And why was all this intimate customer information even available online at all, let alone publicly accessible? Same goes for power stations et al.; there are certain things that just should be off the grid.
Still, I just have a knee-jerk reaction whenever I hear of any database administrator ANYWHERE in 2011 storing passwords as plaintext. It just... it just... it makes my head spin.
[...] unwitting users, rather than someone malicious on the outside. In any event, at least they didn't display cleartext passwords again, right? [...]