Optus customers complained about seeing other customers' personal information after logging into Optus My Account. While some customers reported receiving phishing emails purported to be from Optus. Optus is one of the largest telecommunications company in Australia with almost 10.2 million mobile customers.
Customers who received phishing emails purporting to be from Optus noted that the phishing email contained a malicious invoice PDF. One customer tweeted that hat she received a suspicious email claiming that her bill was $300 when it should be only $100 under her usual plan.
Another customer named Tommy also known as ‘ShiftyChips’ tweeted that while he attempted to log in to ‘My Account’ he was logged in as Vladimir. “Yo someone tell @optus some shit is going down with My Account. Page refreshes every 2 seconds and when I managed to click into my account (chrome auto fills my deets) I was Vladimir? Yea i ain’t Vladimir,” Tommy tweeted.
Massive breach of privacy
A customer named Daniel Grallelis tweeted that while he logged in to his ‘My Account’ he could see another customer’s personal information such as name, phone number, and account number and he noted this as a massive breach of privacy.
“Optus, I just logged into MyAccount to check my bill, and I was automatically logged in as a different customer - with their name, mobile number and account number in plain view for me to see. This is a massive breach of privacy and I wonder if this has happened to me? DM,” Grallelis tweeted.
Optus' 'My Account' website disabled
Upon receiving so many complaints from its users, Optus started replying its customers that it has started an investigation regarding this incident. Later, Optus temporarily disabled ‘My Account’ site as a precaution in order to stop further malicious activities.
After a few hours, Optus confirmed that ‘My Account’ site is back up and running. The telecom giant added that it is working closely with third-party vendors to identify the root cause of the incident and will be notifying all potentially affected customers about the incident.
“The Optus My Account website is now operational, and Optus is working with our third-party vendors to identify the cause of yesterday's issue,” Optus said.