QANTAS Cyber Incident

From what I understand, the Optus event occurred when a contractor saved passwords to their favourite browser password vault and then logged into their account on their favourite browser on their personal PC and the password vault sync’ed and then their personal computer was compromised and someone was easily able to get corporate security details.
I think you are referring to the Medibank hack here. The Optus one is said to be much simpler
 

“Hacked” or “let in”, I think that is unnecessarily splitting hairs on terms now… malicious access to unauthorised systems gained through malicious means with malicious intent. I’d still call that “hacked”.

Indeed. There's even a recognised term for this modus operandi: Social Hacking

"Social hacking, also known as social engineering, refers to the manipulation of individuals to gain access to systems, information, or physical spaces. It relies on psychological manipulation and deception rather than technical exploits to trick people into divulging sensitive information or granting unauthorized access."

If, as reported, the attacker managed to convince someone over the phone to grant them broad access to the system, then this absolutely meets the definition of a social hack.

 
Anyone else received any foreign calls yesterday.
I had two - one from +30 (Greece) and one +31 (Netherlands). Per Reddit others with breach notice had similar, particularly Greece numbers. Unsure if coincidence.

I do have a redeemed reward flight this month.
But can't remember contacting the Qantas call centre in a few years
 
Anyone else received any foreign calls yesterday.
I had two - one from +30 (Greece) and one +31 (Netherlands). Per Reddit others with breach notice had similar, particularly Greece numbers. Unsure if coincidence.

I had a phishing SMS attempt from a +63 number. Philippines!

But can't remember contacting the Qantas call centre in a few years

Likewise. I can't recall ringing them for several years. I've shifted most of our travel to Emirates and JAL.
 
Am I missing the point here? Many people saying that they use Authenticator/trust QF would reimburse any hacked or stolen points etc, which I get. But isn’t there a bigger risk for identity theft or other financial mischief away from QF if hackers have your name, address, email and DOB - which info is commonly used to authenticate transactions to reset passwords, port phone numbers (OMG the trouble if someone ports your phone number), etc etc.

Pretty weak security on those other companies' part if that's all it takes to gain access. If you are dealing with a company of substance (ie beyond store loyalty programs) that doesn't require 2FA, I'd suggest you're probably at more risk from them than this breach.

The number of people I know who have their DOB on facebook.... This stuff is not hard to find out.
 
Anyone else received any foreign calls yesterday.
I had two - one from +30 (Greece) and one +31 (Netherlands). Per Reddit others with breach notice had similar, particularly Greece numbers. Unsure if coincidence.

I do have a redeemed reward flight this month.
But can't remember contacting the Qantas call centre in a few years
These are likely spoofed numbers, with your number called by an autodialler. They work systematically through phone numbers so your numbers probably weren't targeted.

If you are targeted when future scammy calls come, don't be surprised if they do cite one or more of the data points known to have leaked. ('Is this MELso with QFF number 1234567 and email [email protected]? If so, we've noticed some unusual activity on your account. Can you please confirm your postal address, PIN and your mother's maiden name?' Or something like that...)

These tend to happen regardless (the occasional times I have bothered interacting to work out how much they do know about me, it's clear they've got my name, mobile and email from a previous data breach they were involved in). The best you can do is to let the phone call go through to voicemail, or answer with dead air.
 
These are likely spoofed numbers, with your number called by an autodialler.
Agreed most likely case.. albeit if one is going to spoof a number you'd think you'd choose an Aus one.

I also tend to ignore any mobile calls from higher numbered ranges as they tend to be more spam.
 
I have not received the second email yet. But I have never contacted Qantas by phone or email.

Anyway I know my DOB is already out there as I have had a few of those 'pay money or I will expose footage taken on your (non-existent) PC camera' scams showing it
 
I want to know what data they actually DID get, not an email saying what they DIDN’T.
Yes this is something Qantas will need to clarify quickly.

So far they’ve focussed on telling everyone about the classic PII attributes such as name, email, phone, DOB and QFF number. A servicing platform is sure to hold more data than this, and even data that is perceived as low risk or insignificant could be quite harmful in the wrong hands.
 
something Qantas will need to clarify quickly
I'm sure they are trying. But equally a smart hacker will cover their tracks, delete logs etc

Certainly appears that the hacker has grabbed a large database file.
But it's also a question as to how accessible it is to any hacker - eg. Were DOBs and passwords cryptographically protected, which would be normal practice.
 
So I called their help advice line 2 8028 0534. Went to the UK. Chap said to call IDCare, who were 'looking after things'; gave a number starting with 2 (I corrected him and said it should be 02 outside of NSW).

I rang ID Care - 02 8xx_x number, so it too is offshore - Brit accent. Rather strange conversation. Didn't sound like he had been briefed, but then sorted it out. To cut a long story short, they were reassuring that nothing to worry about. Info leaked can't be used for identity theft. I challenged re hacker with data accessing third party accounts. No. When I summarised the call as "so it's a case of 'don't worry, be happy'"? He said 'That's right'.

I did note that in these things, what's said to have been disclosed early wasn't the end of it, and he agreed. Then gave me a client number 'so if I call back' ....

Ye Gods.
 
Just a heads up for everyone else caught up in the hack. I just received an email offer from Qantas for a $99.50 credit on a NAB cc. Click on the "Claim Now" button. Very slick email, my FF status etc was noted. So it's started.

""From the email.
How to Claim Your Gift:

  • Click on "Claim Now" to begin.
  • Follow the simple 3-step process to redeem your coupon.
Things to Know Before You Start:
  • This gift coupon can be redeemed only once. Please do not share the link with others.
  • You will need to verify your billing address.
  • Choose your preferred method for redeeming the coupon.
  • Complete SMS Verification to confirm your payment details.
  • The coupon balance will be reflected on your statement within 24 business hours.
 
So I called their help advice line 2 8028 0534. Went to the UK. Chap said to call IDCare, who were 'looking after things'; gave a number starting with 2 (I corrected him and said it should be 02 outside of NSW).

I rang ID Care - 02 8xx_x number, so it too is offshore - Brit accent. Rather strange conversation. Didn't sound like he had been briefed, but then sorted it out. To cut a long story short, they were reassuring that nothing to worry about. Info leaked can't be used for identity theft. I challenged re hacker with data accessing third party accounts. No. When I summarised the call as "so it's a case of 'don't worry, be happy'"? He said 'That's right'.

I did note that in these things, what's said to have been disclosed early wasn't the end of it, and he agreed. Then gave me a client number 'so if I call back' ....

Ye Gods.
This is more than likely a "Crisis management" solution provider, that does this globally to major companies suffering similar. It's a cheap and lazy tactic (not to mention kind of insulting to victims) so not surprised QF are doing this. Again one of the things some exec will be heralded for implementing and getting lush bonuses for.
 
Just a heads up for everyone else caught up in the hack. I just received an email offer from Qantas for a $99.50 credit on a NAB cc. Click on the "Claim Now" button. Very slick email, my FF status etc was noted. So it's started.

""From the email.
How to Claim Your Gift:

  • Click on "Claim Now" to begin.
  • Follow the simple 3-step process to redeem your coupon.
Things to Know Before You Start:
  • This gift coupon can be redeemed only once. Please do not share the link with others.
  • You will need to verify your billing address.
  • Choose your preferred method for redeeming the coupon.
  • Complete SMS Verification to confirm your payment details.
  • The coupon balance will be reflected on your statement within 24 business hours.
Welcome to AFF.

What was the sender email address? That’s often the giveaway for phishing scam emails.
 
From what I understand, the Optus event occurred when
That is not what happened. My partner was part of the consulting team brought in to identify the root cause and implement new processes. It would be inappropriate of me to divulge confidential details, but it was absolutely nothing to do with contractors saving passwords on a personal computer or call centres. An authentication app is needed to log on to all systems with PII.

The scale of the Optus leak was 10k customers, only some of which had license/passport details. Inexcusable, yes, but this Qantas leak is many magnitudes larger at 6M and, as others have said, the details stolen are enough to gain access to all sorts of other accounts/services you may have which use that email address, many of which don't offer 2FA, such as shopping sites and streaming services, so only ask for name, DOB or billing address to validate you.

Having to create new email accounts for all online accounts which use the same account as Qantas will be a pain but can be done. Changing DOB can't be done and changing your address is also not practical. I am thankful I use a PO Box for most things and, banking/ATO aside, no one else has my home address on file; I can easily get a new PO address if needed.
 
