Some customers of Optus said they saw incorrect information when they attempted to log into their profiles using the My Account website.
On 13 February, customers of Australia’s second-largest telecommunications company took to Twitter to explain that they were having issues accessing their accounts. One such user explained that the My Account website owned by Optus was operating strangely. He went on to say that he didn’t see his correct customer information when he was ultimately able to access his account.
Another customer named Daniel Grallelis said on Twitter that something similar had happened to him. As quoted by the Australian Broadcasting Corporation (ABC):
Optus, I just logged into My Account to check my bill, and I was automatically logged in as a different customer — with their name, mobile number and account number in plain view for me to see. This is a massive breach of privacy.
These reports came at around the same time that email filtering provider MailGuard issued a warning about a phishing campaign abusing “a large number” of compromised email accounts hosted on optusnet.com.au domain. The attack emails asked recipients to open an attachment in order to view an invoice or insurance document. Those recipients who clicked on those documents in turn downloaded malware onto their computers.
It’s unclear if that campaign is related to the issues described above.
This isn’t the first time that digital security troubles have befallen the telecommunications company. Back in 2015, Optus agreed to an independent audit of its information security systems following three separate privacy breaches that occurred between 2008 and 2013. Later that year, the company confirmed it was investigating another data breach after someone leaked customer data onto Freelancer.com.
A spokesperson for Optus acknowledged customers’ issues with accessing their accounts. In a statement, they clarified that the company had taken steps to rectify the issues:
Optus is aware some customers reported seeing incorrect information when activating their Prepaid service, and when logging into My Account to pay their bill yesterday. As a precaution, Optus temporarily disabled the Optus My Account website for a period of time. The Optus My Account website is now operational and Optus is working with our third party vendors to identify the cause of yesterday’s issue.
The company went on to apologize for any inconvenience caused by the incident and said that it would be notifying affected customers.