Optus telco data breach – what we know so far

Optus, an Australian telecoms provider, has become the latest high-profile victim of a data breach – with the alleged attacker demanding payment to buy back millions of customer records, having already made 10,000 public online. In the most recent developments, the attacker has now rescinded threats and deleted them from a data breach website. However, this does not change the fact that someone was able to access these customer records in the first place, including names, dates of birth, driver's licence numbers, addresses, phone numbers, Medicare numbers and passport numbers, leaving many Optus customers feeling vulnerable.

But how did this happen?

It appears that an unauthenticated application programming interface (API) was to blame.

Curtis Simpson, CISO at Armis, explained: “APIs are the entry point into the modern application and the data it processes. Exposures associated with APIs range from configuration-based to logic-based vulnerabilities that can be exploited to compromise platforms, networks, users, and data. Traditional edge security and application security testing capabilities are not identifying nor facilitating the remediation or protection against the exploitation of such exposures at scale across our cloud environments that continue to transform alongside our business operations. Real-time logic-based protections, API exposure analysis, prioritisation, and remediation through development stacks are examples of capabilities that must be embraced in order to safeguard modern web services.”

He continued: “Digital business is done over APIs. Our security programmes and technologies must continue to evolve around where our businesses live and operate.”

Adam Fisher, solutions architect at Salt Security, elaborated further in his blog on the incident:

“Human error nearly always plays a role in breaches, but it ..