Optus cyber attack: Why data hack was a simple security breach

A tech expert has refuted claims the Optus cyberhack that exposed millions of customers’ sensitive details was ‘sophisticated’, saying hackers accessed a ‘goldmine’ in a simple security breach. 

Optus customers past and present have potentially had their personal addresses, dates of birth, passport details, drivers licences, phone numbers and email addresses stolen last week in Australia’s largest data breach. 

Optus CEO Kelly Bayer Rosmarin described the cyberhack as a ‘sophisticated attack’ that compromised the records of 9.8 million people in the ‘absolute worst case scenario’. 

However, tech expert and editor of EFTM.com Trevor Long said he wouldn’t call the data breach a ‘hack’ as the telco company’s security was ‘just not good enough’.  

‘If we are to believe the hacker, this was not even a sophisticated hack, it’s not even a hack,’ Mr Long told Daily Mail Australia. 

‘They were able to exploit an internal system and access information in a simple security breach.

‘It’s a goldmine for identity fraud and hackers and now there’s already 10,000 people whose details are readily available to scammers.’

Mr Long explained the hacker was able to find the address of the telco’s central computer containing the database of customer records and information. 

The hacker, known as ‘Optushack’, allegedly requested the records and was given access to the information without having to provide authentication or a password. 

If true, Mr Long has labelled the lack of security as a ‘fundamental flaw’ in Optus’ cybersecurity defences.  

‘If the hacker is telling people about their access to the API [Application Programming Interface] being so simple and not authenticated, it’s simply a breach and that makes this even worse,’ Mr Long said. 

Mr Long said Optus needs to have a ‘look at themselves’ as he believes the data was not encrypted…