
Telstra's biggest BigPond blunder

The latest privacy gaffe shows that Telstra hasn't learnt from past mistakes, because its response to the situation was anything but efficient.
By David Glance · 13 Dec 2011

At approximately 1pm last Friday, a customer of Telstra BigPond – Australia's largest internet service provider – posted on a forum that:

“If you do a Google search for that number [the number for Telstra's ‘Bundles’ department, 1800 008 851], you get a very interesting result. Um, Telstra, that's customer information just sitting out on the open Web … That page also seems to suggest that he shouldn't have given me the number, but should have put me through.”

The customer had been trying to get a discount on a special “bundle” of services. Customers who had opted for the bundled services were the ones whose records were held in the exposed system, a customer relationship management program that was reachable from the public internet.

The forum conversation quickly turned to an exploration of what details were accessible: usernames, passwords, full names, home and mobile numbers and addresses. It appeared the passwords may have been the initial ones issued to customers when their account was set up.

A user sent a complaint to Telstra and it was presumably then that staff at the company realised what had happened.

By 5:20pm, one forum user noted the site had been taken down. By then, access was also blocked to services such as email and account information. BigPond services remained blocked for most users for another 24 hours and when access returned, approximately 60,000 users' passwords had been reset (including mine).

Telstra users were not notified and would only have found out about the outage if they contacted the help desk or through articles appearing in the Sydney Morning Herald or The Australian.

Resetting a password involved a lengthy wait on the telephone. As of Sunday evening, this was at least 45 minutes and so it appeared Telstra had not deployed any extra staff to handle the consequences of the breach. Whoever was manning the @telstra account on Twitter tried to empathise with customers without being able to do anything meaningful.

Telstra staff were apparently investigating how the site was exposed to the public and would notify the Privacy Commissioner. The fact that the system was not password-protected, and relied only on the expectation that nobody would discover the web address, stretches credulity somewhat: any page reachable without authentication will eventually be crawled and indexed, which is exactly how this one turned up in a Google search.

This is not the first time Telstra has breached customer privacy. In 2010, the company posted 220,000 letters containing account information belonging to customers.

With all incidents such as these, the best a company can hope for is that its customers are an understanding lot. This, to some degree, depends on the company acting quickly to resolve the problem, informing everyone of the details and then moving rapidly to get customers' issues resolved.

None of which Telstra managed to achieve – it took 24 hours to get services such as email back online.

Customers are being told they will be contacted within two to three days. As one of those customers, I received this message on Twitter:

“Really sorry if your details were released. We will be contacting affected customers within the next couple of days to discuss.”

Telstra is seemingly not mobilising extra staff to handle support calls or password resets.

It has not been a good four weeks for large Australian corporations after the Qantas fleet grounding and associated PR gaffes. Telstra has managed to – almost – follow suit in alienating its customers.

The only thing missing in this instance is a Downfall parody.

David Glance is a Director at the Centre for Software Practice at The University of Western Australia. This article first appeared in The Conversation on December 12. Republished with permission.
