A Telstra databank with potentially millions of user details has just been leaked online.
Click to enlarge
The information leak, uncovered by a Whirlpool forum member who searched online for a customer support number, but instead stumbled across the database, available online for all to see on a Telstra website.
The telco customer, who stumbled over the details by typing in ‘Telstra Bundles request search’ to Google, a webpage which basically catalogues all Telstra customer details.
Private user details can be found simply by typing in user’s billing account number, rightnow reference, customer last name or salesforce ID.
However, the page, although still live, does not appear to be working at present.
All history of the Telstra customer is contained on the database – from broadband plan, other Telstra services a user may have, and in some cases private usernames and passwords, according to Fairfax Media.
The offending Telstra web pages states: “Information entered into or derived from this webform is Customer Data and Confidential Information and must not be used for any other purpose than to review the status of a customer’s Bundle order.”
It is now known how this massive information leak occurred. The telco has one million customers on ‘bundled’ plans, it said in August.
It is not yet known if customer payment details could also be attained from within the database. Telstra could not be contacted at the time of writing but did say to media earlier today:
“Telstra is reported to have said it takes its customers’ right to privacy very seriously and is taking immediate action to resolve this issue.
“We will investigate and keep our customers fully informed.”