Telstra, an Australian telecommunications company, disabled its “Your Telstra Tools” service after a customer reported a glitch. Reportedly, the unsuspecting user alerted the company to a possible Telstra data breach after he stumbled upon 66,000 customer records on Telstra’s website.
Telstra Data Breach Exposed 66,000 Records Online
A Telstra customer, Robert Irvine, discovered that a glitch in Telstra’s website exposed thousands of customers’ records online. Irvine stated that searching for the keyword ‘email’ on the website returned 66,000 records.
Robert Irvine is not a tech-savvy person, nor was he interested in any ‘bug bounty’ sort of thing when he noticed the error. Rather, he was simply looking for a possible fix for his email when he logged into his Telstra account.
While talking about the Telstra data breach, Irvine said,
“It was so easy it was unbelievable. I actually checked it a couple of times to make sure it wasn’t by accident. I could easily access the information.”
According to Irvine, the glitch exposed explicit details about Telstra customers, including email addresses, contact numbers, and employment details. To make sure what he saw was real, he checked the details of three different customers. To his dismay, the details proved to be genuine.
‘Your Telstra Tools’ Disabled
After news of the website vulnerability surfaced online, Telstra quickly responded by fixing the bug. The company added that the glitch appeared in the ‘Your Telstra Tools’ help service.
In its official statement regarding the data breach, Telstra explained how and why the details were exposed to Irvine:
“The team identified emails from Telstra to 18 customers about planned network interruptions, had been made available to three customers who performed a specific search on the site. The issue was caused by an error in the system’s search function.”
Moreover, Telstra has apologized to its customers for the incident. It is also notifying the affected users individually via email.
The Telstra security breach marks the second incident in a row where a telecommunication service exposed customers’ details through a website error. Not long ago, we heard about the Telefonica data breach that exposed users’ details due to an error in the Movistar website.