Personal and account details of over one million customers of Australian telecom giant Telstra were accessible to any Internet user – and may have been misused – for an unknown period of time.
The exposure was discovered by a Telstra customer who was searching Google for the company’s customer support phone number and was offered, among the search results, a link to the “Telstra Bundles request search” page.
From this page, anyone could search for account details of any of the company’s customers simply by entering their last name, account number, sales force ID or reference number.
The results of such a search would reveal which services and plan the customer is on, information about technician visits, SMS messages, credit check history, email correspondence exchanged between the customer and the company’s staff and, on occasion, even their usernames and passwords.
According to The Age, the page in question remained accessible for up to an hour after Telstra was notified of the issue, and was removed afterward. The company spokeswoman said that they will investigate the incident and brief the Privacy Commissioner about it.
This is not the first time Telstra has made a mess by inadvertently leaking private information about its customers – it had three separate incidents in 2010. The questions that need to be answered now are how long the site was available to the general public and whether the access was misused.