Discover and read the best of Twitter Threads about #optusdatabreach

Most recents (3)

Re #OptusHack: as a software engineer, it frustrates me the media is reporting it as a sophisticated attack. It was not. It was equivalent to leaving your front door unlocked with a sign that says valuables inside. They failed at really basic stuff. I'll explain it simply. 1/6
Servers typically use an "API" to load data and add functionality to the user interface. When you log in, tap on a like button, try to load your profile page etc., the app or web browser sends a request to an API to complete that action or retrieve that data. 2/6
Any API that exposes personal information should be protected behind authentication (like a username & password). In the case of the #optushack, it has been reported that one of their APIs that could retrieve personal information DID NOT REQUIRE any authentication whatsoever. 3/6
Read 7 tweets
Here are some technical observations related to the Optus breach. This gets into the technical weeds, but it's important for understanding how this breach may have happened. I'll try to make it as comprehensible as possible. #optushack #auspol #infosec
Some information is based on public data. The analysis comes from information security experts, whom I appreciate reaching out to me. 😉
We know that the breach occurred because the Optus hacker abused an application programming interface (API) which was api[dot]optus.com.au. As we know, that API was left open on the internet.
Read 14 tweets
Bad news. The Optus hacker has released 10,000 customer records and says a 10K batch will be released every day over the next four days if Optus doesn't give in to the extortion demand. #OptusDataBreach #optushack #auspol #infosec
Quick observation on this new data. It appears Medicare numbers may be exposed for some people. Redacted screenshot below. #Optus #OptusDataBreach
The word "Medicare" appears 55 times across these records.
Read 12 tweets
