‘Human error’ emerges as factor in Optus hack affecting millions of Australians


Preliminary research by Optus suggests that an IT programmer’s error may have inadvertently enabled cybercriminals to steal personal information from potentially millions of customers.

A senior figure within Optus has spoken to the ABC on condition of anonymity to provide confidential insight into the early findings uncovered by the telecom company’s IT specialists.

“[It’s] still under investigation, but this breach, like most, appears to be the result of human error,” the Optus insider told the ABC.

“[They] wanted to simplify the integration of systems to meet the two-factor authentication regulations of the industry regulator, the Australian Communications and Media Authority (ACMA).”

The process allegedly involved opening the Optus customer identity database to other systems via what is known as an application programming interface (API), on the assumption that the API would only ever be called by authorised company systems.

“Finally, one of the networks it was exposed to was a test network that happened to have internet access.”

This allowed access to the Optus network from outside the company.

[Graphic: an API sits between the internet and a web server, which in turn sits between a web browser and a database. Application programming interfaces allow different applications to communicate with each other. (ABC News: Emma Machan)]

The ABC earlier today asked Optus CEO Kelly Bayer Rosmarin specific questions about whether human error related to the company’s API was behind the breach.

“I know people are hungry for details about the exact way this attack could take place, but it is the subject of a criminal case and as such we will not be releasing any details about it,” Ms Bayer Rosmarin said in an online media briefing.
