Geekzone: technology news, blogs, forums
Guest
Welcome Guest.
You haven't logged in yet. If you don't have an account you can register now.


ForumsOne New Zealand (including Vodafone, WxC, Farmside)Vodafone AU Customers personal details on the net

ajw

ajw

1932 posts

Uber Geek


#74870 9-Jan-2011 08:46
Send private message

Vodafone Australia is not only upsetting its customers with its unreliable network but now millions of its customers details have been readily available on the internet.

http://www.smh.com.au/technology/security/mobile-security-outrage-private-details-accessible-on-net-20110108-19j9j.html

(Mod edit: Added "AU" to title as this does not apply to VFNZ customers at this time - XPD)




aw

Create new topic
BarTender
3607 posts

Uber Geek

ID Verified
Trusted
Lifetime subscriber

  #425609 10-Jan-2011 02:31
Send private message

ajw: Vodafone Australia is not only upsetting its customers with its unreliable network but now millions of its customers details have been readily available on the internet.

http://www.smh.com.au/technology/security/mobile-security-outrage-private-details-accessible-on-net-20110108-19j9j.html


I think the important thing about this article is: "Customer information is accessed through a secure web portal, accessible to authorised employees and dealers via a secure login and password."

So...... Yes customer data is available but only to "trusted" staff / dealers... That is no different to how anyone else run their dealer support. They may have a requirement to come in via a VPN first instead of having the portal directly online.  So basically an employee of either Vodafone or a dealer breached their terms of their employment agreement and should end up in court.

But I still believe this is quite a beatup on Vodafone AU since I am sure the same (or similar, perhaps with better security involving another factor and/or VPNs) could be said about all other providers and how they run their dealer support on both sides of the ditch.



SaltyNZ
8241 posts

Uber Geek

Trusted
2degrees
Lifetime subscriber

  #425630 10-Jan-2011 08:41
Send private message

BarTender:

But I still believe this is quite a beatup on Vodafone AU since I am sure the same (or similar, perhaps with better security involving another factor and/or VPNs) could be said about all other providers and how they run their dealer support on both sides of the ditch.


Well, the same kind of thing could happen in any number of similar scenarios; wherever you have hundreds or thousands of dealers (often low paid and on commission - summer holiday job, anyone?), of anything, where personal data needs to be collected. Think department stores, for example: chains like those are dealers for telcos, but they also do credit checking for personal finance on beds or lounge suites, or take details for warranties on TVs or washing machines.

Anyone like that is vulnerable to an insider being naughty. Hec, I imagine it could happen to the banks, too, if some idiot/nutter gave away the logins to all their customer's internet banking accounts.

The ABC's article breathlessly states that "Mobile phone dealers have also admitted that anyone with full access to the system can look up a customer's bills and make changes to accounts." OMG, really!? People with full access to the system have *full access to the system*? Oh, those whacky telcos and their silly security shenanigans...




iPad Pro 11" + iPhone 15 Pro Max + 2degrees 4tw!

 

These comments are my own and do not represent the opinions of 2degrees.

freitasm
BDFL - Memuneh
79320 posts

Uber Geek

Administrator
ID Verified
Trusted
Geekzone
Lifetime subscriber

  #425639 10-Jan-2011 09:25
Send private message

I think the SMH doesn't make it clear enough... It seems (as others have commented) the website used to lookup customers details is accessible via the Internet with no extra protection than the username and password.

This kind of website should be, at least, behind a VPN, and to make it even harder limit VPN access to certain IP addresses.

Now, the SMH doesn't say anywhere this was a leak of information, but clearly some individual(s) using their accesses to either sell the information, or spreading their own access details so others can do it.

As pointed out, it seems lack of training and character, bribery, and other human factors are the main problem here, but obviously a newspaper won't have the facts getting on the way of a good story.





Please support Geekzone by subscribing, or using one of our referral links: Quic Broadband (free setup code: R587125ERQ6VE) | Samsung | AliExpress | Wise | Sharesies | Hatch | GoodSync 



freitasm
BDFL - Memuneh
79320 posts

Uber Geek

Administrator
ID Verified
Trusted
Geekzone
Lifetime subscriber

  #426059 11-Jan-2011 11:37
Send private message

Release by Vodafone New Zealand this morning:


Vodafone New Zealand is committed to ensuring that all customer details and private information entrusted to us is safe and secure at all times.

The Vodafone New Zealand customer database and applications are on servers with appropriate access security in place at various levels.

Access to these systems is for approved personnel only via an authentication procedure which requires more than a username and password.

In addition VFNZ has rigorous security policies and procedures including regular audits and security reviews which ensure our customers? data remains protected.

All customer account access is monitored and logged. Should any unusual activity be reported, it will be identified and investigated.

Vodafone New Zealand wishes to assure customers that we take the security of their information very seriously.





Please support Geekzone by subscribing, or using one of our referral links: Quic Broadband (free setup code: R587125ERQ6VE) | Samsung | AliExpress | Wise | Sharesies | Hatch | GoodSync 

Create new topic





News and reviews »

Gen Threat Report Reveals Rise in Crypto, Sextortion and Tech Support Scams
Posted 7-Aug-2025 13:09

Logitech G and McLaren Racing Sign New, Expanded Multi-Year Partnership
Posted 7-Aug-2025 13:00

A Third of New Zealanders Fall for Online Scams Says Trend Micro
Posted 7-Aug-2025 12:43

OPPO Releases Its Most Stylish and Compact Smartwatch Yet, the Watch X2 Mini.
Posted 7-Aug-2025 12:37

Epson Launches New High-End EH-LS9000B Home Theatre Laser Projector
Posted 7-Aug-2025 12:34

Air New Zealand Starts AI adoption with OpenAI
Posted 24-Jul-2025 16:00

eero Pro 7 Review
Posted 23-Jul-2025 12:07

BeeStation Plus Review
Posted 21-Jul-2025 14:21

eero Unveils New Wi-Fi 7 Products in New Zealand
Posted 21-Jul-2025 00:01

WiZ Introduces HDMI Sync Box and other Light Devices
Posted 20-Jul-2025 17:32

RedShield Enhances DDoS and Bot Attack Protection
Posted 20-Jul-2025 17:26

Seagate Ships 30TB Drives
Posted 17-Jul-2025 11:24

Oclean AirPump A10 Water Flosser Review
Posted 13-Jul-2025 11:05

Samsung Galaxy Z Fold7: Raising the Bar for Smartphones
Posted 10-Jul-2025 02:01

Samsung Galaxy Z Flip7 Brings New Edge-To-Edge FlexWindow
Posted 10-Jul-2025 02:01








Geekzone Live »

Try automatic live updates from Geekzone directly in your browser, without refreshing the page, with Geekzone Live now.


Updates »

Are you subscribed to our RSS feed? You can download the latest headlines and summaries from our stories directly to your computer or smartphone by using a feed reader.







RSS feeds
Main feed
Forums feed
Copyright
©2002-2025 Geekzone®
Site features
Geekzone BI dashboard
Geekzone Badges
Geekzone Status Page

 

Affiliate links
Samsung
AliExpress
Wise
Sharesies
GoodSync
Site Information
Subscribe to Geekzone
Privacy Statement
Forum Usage Guidelines (FUG)
Advertising
Trademark and copyright