Little Things You Hate

link1896

Mr Greenfield
You can assess what data Optus has stored about you, the API is still running.


After logging in at https://Optus.com.au, you can then check two URLs to see what is stored. Open another browser tab.

This is not a guarantee that your data was leaked or stolen – but lines up with the sample data posted online by the hackers – and then you know what is on file with Optus (e.g. if you can't remember if you used your passport or drivers license).

https://www.optus.com.au/mcssapi/rp-webapp-9-common/user/information

https://www.optus.com.au/mcssapi/rp-webapp-9-common/customer-management/contact-person/{contactId}?lo=en_US&sc=SS

In the second URL you will need to replace {contactId} with that found in the first link. Remove the {} from the ContactID string, which should be the 6th field returned. In the second query, the 13th and 14th fields will be "identValue" and "identType", which in my wife's case are her drivers license values.


This info came from https://forums.whirlpool.net.au/archive/3z4yl2qw-3#r71771674


Mates in senior roles in other sectors of IT are gobsmacked the API is still running and is still public facing 7 days after the breach was made public, suggesting it's part of a much bigger system that cannot be easily turned off, potentially also legacy.
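
The two-step lookup described in the post above, as an added example that is not part of the original post: it reads JSON text saved from the two pages, finds the fields by key name rather than by position, and masks the ID number. The sample responses and their nesting are constructed; only the key names and the URL come from the post.

```javascript
// Added example: parses JSON text you saved from the two pages while logged
// in; it makes no network requests. Only the key names and the URL come from
// the post. The sample responses and their nesting are constructed.
const BASE = "https://www.optus.com.au/mcssapi/rp-webapp-9-common";

// Depth-first search for the first value stored under `key` at any depth,
// so the result does not depend on counting field positions.
function findKey(node, key) {
  if (node === null || typeof node !== "object") return undefined;
  if (!Array.isArray(node) && Object.prototype.hasOwnProperty.call(node, key)) {
    return node[key];
  }
  for (const child of Object.values(node)) {
    const hit = findKey(child, key);
    if (hit !== undefined) return hit;
  }
  return undefined;
}

// contactId from the first response, braces stripped; null when absent.
function extractContactId(userInfoText) {
  const raw = findKey(JSON.parse(userInfoText), "contactId");
  if (raw === undefined || raw === null) return null;
  const id = String(raw).replace(/^\{|\}$/g, "").trim();
  return /^[A-Za-z0-9_-]+$/.test(id) ? id : null; // must be one safe path segment
}

// Second URL from the post with the placeholder filled in.
function secondUrl(contactId) {
  return `${BASE}/customer-management/contact-person/${encodeURIComponent(contactId)}?lo=en_US&sc=SS`;
}

// Which ID document is on file, showing only the last three characters.
function summariseIdent(contactPersonText) {
  const doc = JSON.parse(contactPersonText);
  const type = findKey(doc, "identType");
  const value = findKey(doc, "identValue");
  if (type === undefined || value === undefined) return { onFile: false };
  const s = String(value);
  const masked = s.length > 3 ? "*".repeat(s.length - 3) + s.slice(-3) : "*".repeat(s.length);
  return { onFile: true, identType: String(type), masked };
}

// Constructed sample responses (not real Optus output).
const SAMPLE_USER_INFO = '{"data":{"userName":"example","contactId":"{1234567890}"}}';
const SAMPLE_CONTACT = '{"contactPerson":{"identification":{"identValue":"X1234567","identType":"DL"}}}';

console.log(secondUrl(extractContactId(SAMPLE_USER_INFO)));
console.log(summariseIdent(SAMPLE_CONTACT));
```

A `null` from `extractContactId` corresponds to the case raised later in the thread, where the first page shows no contact ID.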
 

link1896

Mr Greenfield
That's the same as the email I got too.

When I punched in the link @link1896 posted I couldn't find any contact ID on the personal info page.
You logged into your Optus account on a PC via a browser not in incognito mode, and once successfully logged in, opened another browser tab and ran the first script and got nothing back?
 

cammas

Seamstress
LTIH - people touching my stuff. On a packed train, no available seats, so scooted into small luggage spot directly opposite my bike (I like to watch), then some teenage boys and a girl get on the train. I’m doing some emails to work then look up and they're starting to touch it where my GPS and lights are; what they didn’t realise was I’m sitting there watching them.
“Do you mind not touching my shit”
Oh sorry (in other words we didn’t see you there)
“Look but don’t touch”
Nice bike what is it?
“Merida”
Nice
A minute or so later they shuffled down to middle of the train away from my bike and me. Little fuckers, nothing worse than people who can’t keep their hands to themselves.
 

ausdb

Being who he is
You can assess what data Optus has stored about you, the API is still running.
The pages are still working today, I can see lotsa personal information I usually don't share :(

My dear customer letter reads like this

It is with great disappointment I'm writing to let you know that Optus has been a victim of a cyberattack that has resulted in the disclosure of some of your personal information.
Importantly, no financial information or passwords have been accessed. The information which has been exposed is your name, date of birth, email, and the number of the ID document you provided such as drivers licence or passport number. No copies of photo IDs have been affected.

I had a look on the WA Dept of Transport website about getting a new D/L number and it's a bit murky, says I'm entitled to have a new number issued if the Optus letter says my details were compromised. Their email is non-specific but the data from the two pages makes it clear my D/L is the ID document.

Time to play wait in the phone queue tomorrow if I get a lunchbreak.
 

ausdb

Being who he is
And a final piss me off for the day, I ordered some stuff from Cyclingdeal the other night. Saw the free shipping by Fastway option or $15 extra for Express post, decided $15 on a $70 spend was excessive so went with the free Fastway option. Get an email this morning from Aramex with tracking details FFAAARRRRKKKKKKKK forgot what a useless bunch of pricks they are and that they own Fastway :(
I guess this could also qualify for the Fwits thread ;)
 

shiny

Go-go-gadget-wrist-thingy
You can assess what data Optus has stored about you, the API is still running.


Got the email that my ID doc was leaked. I was with Optus 12 odd years ago. Annoyed they have kept my details for this long. No idea what I signed up with. Presume drivers license, so best to get a new drivers license id? Lack of details on what to do is frustrating.
 

creaky

XMAS Plumper
I got a different notification that doesn't mention drivers licence. Both me and the missus got this same message for our two different accounts. So seems we were luckily on the lower end of the breach.
I got the same suite of items in my email too and checked using those links above, which had no references to my DL or passport etc. numbers.

Still annoying to have phone, email, DOB and address ‘hacked’, but how many times have we typed those into online forms in the past! Under no illusions that the info is safe in the world of the internet anyway.
 

Minlak

custom titis
I find the Optus data breach to be having the same kind of effect on people that the big NSA revelations had a few years ago - people were so surprised their Government was watching them.

Apart from maybe Drivers Licence the majority of people will have online shopped at some point and had their information passed on to "Partners" and onsold already.
Email / Phone / Address will be everywhere - And a lot of people will have given away DOB as well for many rewards apps like Subway etc where you get stuff on your birthday.
 