link1896
Mr Greenfield
You can assess what data Optus has stored about you, the API is still running.
After logging in at https://Optus.com.au, you can then check two URLs to see what is stored. Open another browser tab.
This is not a guarantee that your data was leaked or stolen – but lines up with the sample data posted online by the hackers – and then you know what is on file with Optus (eg if you can't remember if you used your passport or drivers license)
https://www.optus.com.au/mcssapi/rp-webapp-9-common/user/information
https://www.optus.com.au/mcssapi/rp-webapp-9-common/customer-management/contact-person/{contactId}?lo=en_US&sc=SS
In the second URL you will need to replace {contactId} with with that found in the first link. Remove the {} from the ContactID string, which should be the 6th field returned. The second query, the 13th and 14th fields will be "identValue" and "identType", which in my wifes case are her drivers license values.
This info came from https://forums.whirlpool.net.au/archive/3z4yl2qw-3#r71771674
Mates in senior roles in other sectors of IT are gobsmacked the API is still running and is still public facing 7 days after the breach was made public, suggesting it's part of a much bigger system that cannot be easily turned off, potentially also legacy.
After logging in at https://Optus.com.au, you can then check two URLs to see what is stored. Open another browser tab.
This is not a guarantee that your data was leaked or stolen – but lines up with the sample data posted online by the hackers – and then you know what is on file with Optus (eg if you can't remember if you used your passport or drivers license)
https://www.optus.com.au/mcssapi/rp-webapp-9-common/user/information
https://www.optus.com.au/mcssapi/rp-webapp-9-common/customer-management/contact-person/{contactId}?lo=en_US&sc=SS
In the second URL you will need to replace {contactId} with with that found in the first link. Remove the {} from the ContactID string, which should be the 6th field returned. The second query, the 13th and 14th fields will be "identValue" and "identType", which in my wifes case are her drivers license values.
This info came from https://forums.whirlpool.net.au/archive/3z4yl2qw-3#r71771674
Mates in senior roles in other sectors of IT are gobsmacked the API is still running and is still public facing 7 days after the breach was made public, suggesting it's part of a much bigger system that cannot be easily turned off, potentially also legacy.