Geekzone: technology news, blogs, forums


ajw



#74870 9-Jan-2011 08:46

Vodafone Australia is not only upsetting its customers with its unreliable network but now millions of its customers' details have been readily available on the internet.

http://www.smh.com.au/technology/security/mobile-security-outrage-private-details-accessible-on-net-20110108-19j9j.html

(Mod edit: Added "AU" to title as this does not apply to VFNZ customers at this time - XPD)




BarTender

  #425609 10-Jan-2011 02:31

ajw: Vodafone Australia is not only upsetting its customers with its unreliable network but now millions of its customers' details have been readily available on the internet.

http://www.smh.com.au/technology/security/mobile-security-outrage-private-details-accessible-on-net-20110108-19j9j.html


I think the important thing about this article is: "Customer information is accessed through a secure web portal, accessible to authorised employees and dealers via a secure login and password."

So...... Yes customer data is available but only to "trusted" staff / dealers... That is no different to how anyone else runs their dealer support. They may have a requirement to come in via a VPN first instead of having the portal directly online. So basically an employee of either Vodafone or a dealer breached the terms of their employment agreement and should end up in court.

But I still believe this is quite a beatup on Vodafone AU since I am sure the same (or similar, perhaps with better security involving another factor and/or VPNs) could be said about all other providers and how they run their dealer support on both sides of the ditch.



SaltyNZ

  #425630 10-Jan-2011 08:41

BarTender:

But I still believe this is quite a beatup on Vodafone AU since I am sure the same (or similar, perhaps with better security involving another factor and/or VPNs) could be said about all other providers and how they run their dealer support on both sides of the ditch.


Well, the same kind of thing could happen in any number of similar scenarios; wherever you have hundreds or thousands of dealers (often low paid and on commission - summer holiday job, anyone?), of anything, where personal data needs to be collected. Think department stores, for example: chains like those are dealers for telcos, but they also do credit checking for personal finance on beds or lounge suites, or take details for warranties on TVs or washing machines.

Anyone like that is vulnerable to an insider being naughty. Heck, I imagine it could happen to the banks, too, if some idiot/nutter gave away the logins to all their customers' internet banking accounts.

The ABC's article breathlessly states that "Mobile phone dealers have also admitted that anyone with full access to the system can look up a customer's bills and make changes to accounts." OMG, really!? People with full access to the system have *full access to the system*? Oh, those whacky telcos and their silly security shenanigans...






These comments are my own and do not represent the opinions of 2degrees.


freitasm

  #425639 10-Jan-2011 09:25

I think the SMH doesn't make it clear enough... It seems (as others have commented) the website used to look up customers' details is accessible via the Internet with no extra protection other than the username and password.

This kind of website should be, at least, behind a VPN, and to make it even harder limit VPN access to certain IP addresses.

Now, the SMH doesn't say anywhere this was a leak of information, but clearly some individual(s) are using their access to either sell the information or spread their own access details so others can do it.

As pointed out, it seems lack of training and character, bribery, and other human factors are the main problem here, but obviously a newspaper won't have the facts getting in the way of a good story.









freitasm

  #426059 11-Jan-2011 11:37

Release by Vodafone New Zealand this morning:


Vodafone New Zealand is committed to ensuring that all customer details and private information entrusted to us is safe and secure at all times.

The Vodafone New Zealand customer database and applications are on servers with appropriate access security in place at various levels.

Access to these systems is for approved personnel only via an authentication procedure which requires more than a username and password.

In addition VFNZ has rigorous security policies and procedures including regular audits and security reviews which ensure our customers' data remains protected.

All customer account access is monitored and logged. Should any unusual activity be reported, it will be identified and investigated.

Vodafone New Zealand wishes to assure customers that we take the security of their information very seriously.




