QANTAS Cyber Incident

[mrsterryn]

Sort of off topic but I know there are some super tech savy people here.

How do you manage your passwords? Do you use a password manager? If so what's worth looking into for a very non tech savy person. It's overwhelming the amount of passwords we use daily, I struggle to keep up.

We create sentences , sometimes using the whole sentence and sometimes just the first letter and then use one of the special punctuation marks . Some of our passwords are 20+ letters

 

[drron]

I am not tech savvy so I have a password book. All written in my secret code. A condensed cheat sheet taken when OS.

 

[Major]

We use lastpass

 

[LondonAussie]

I don’t think people realise how often this happens, and it’s only some times you get told it happens (especially for smaller companies).

The most unfortunate part is that the companies that arguably do the right thing by telling their customers and continuing to communicate are the ones that get the most outrage and anger directed at them.

Companies that keep it generic and only post a brief notice on their website (rather than emailing customers directly and continuing to send updates), well those are in and out of the news and quickly forgotten.

 

[Daver6]

Sort of off topic but I know there are some super tech savy people here.

How do you manage your passwords? Do you use a password manager? If so what's worth looking into for a very non tech savy person. It's overwhelming the amount of passwords we use daily, I struggle to keep up.

Bitwarden being open source is my go to option. I would strongly recommend using passkeys where you can instead of passwords.

We use lastpass

I'd avoid lastpass. They've had all sorts of issues with breaches. The fact that you can reset a forgotten master password means it's inherently less secure.

 

[bussyboy]

Yes, I should have known better I should have twigged at the blood type

I thought it may have been included in a medical clearance to fly form, one of those circumstances you need to deal with the contact centre

 

[RooFlyer]

As I have said your emails are exceedingly likely to be on the dark web. You can use the free site HaveIbeenPwnded to see. Here is my report.
View attachment 457154

I have a paid access as well and it says 12 times plus names the incidents. Half I was not aware of.
So I am in agreement with @justinbrett .

I don’t need a paid system to know that I’ve been breached without knowing it.

The ones that we know about like Qantas just add insult and more injury to injury.

I had a major emails change 18 months ago when my big pond emails started getting avalanches of cough. I now maintain three emails for different purposes and I still use the two now junk big pond emails where needed.

It took a year for all the places I’d used one of my BigPond emails as a login or some other entry point to come out. I think the last one I realised was Healthscope Hospital on line admission. Not a service I use regularly, thankfully.

 

[Aeryn]

They don’t give you a credit card if you quote a passport number. They actually need to sight it. Again - increased security at the access point.

Disagree, last few credit cards apps have validated identity by providing passport #, issuing country and expiry date (does a live look-up of passport office and gives a tick) + Medicare card details (also a live look-up with Medicare to validate) + a DL or utility bill. I've never been to a branch, Amex don't have them, they just mail the card.

I know ANZ require you to show photo ID to collect at the branch but IME NAB, SGB, WBC all just send the card to your PO Box after the online application.

 

[TheRealTMA]

Sort of off topic but I know there are some super tech savy people here.

How do you manage your passwords? Do you use a password manager? If so what's worth looking into for a very non tech savy person. It's overwhelming the amount of passwords we use daily, I struggle to keep up.

Simple. Use a personal algorithm related to the site such as AFFmember123#4$ etc.

There are many password managers including Norton etc but good idea to convert to newish passkey system if you can.

 

[jimmy hutspah]

Simple. Use a personal algorithm related to the site such as AFFmember123#4$ etc.

There are many password managers including Norton etc but good idea to convert to newish passkey system if you can.

and in all honesty QF should be providing customers affected by this unforgivable data breach with a free subscription to such a service (at the very least), and they should have done it days ago. their lack of adequate action on this takes us right back to the diabolical Joyce years.

 

[Quickstatus]

passkey system

Yes I've been progressively changing from password to passkey.

 

[Highway23]

Website now offering an option to link account logins to Authenticator apps, which is an idea.
Gate, horse, bolted and all that though…

 

[oz_mark]

Website now offering an option to link account logins to Authenticator apps, which is an idea.
Gate, horse, bolted and all that though…

Been able to do it for some time.

 

[Daver6]

Website now offering an option to link account logins to Authenticator apps, which is an idea.
Gate, horse, bolted and all that though…

That option has been there for years. Horse firmly in stable....jockey not familiar with saddle

 

[Highway23]

That option has been there for years. Horse firmly in stable....jockey not familiar with saddle

Ha, I had never seen it! Prompting it is some small consolation though.

 

[Rangalad]

10/10 for me too.

Qantas customers furious after massive cyber data breach

Qantas customers say they feel vulnerable, angry and unsupported following last week's major cyber security breach — and are now questioning whether the airline is doing enough to protect Australians' personal data.

www.abc.net.au

It took Qantas CEO Vanessa Hudson until Thursday night to give an interview following the cyber attack. She spoke to one media outlet from her holiday in Europe. Other media, including the ABC, were not given advance warning of the interview so were unable to put questions to the airline's boss.

Just tried to log into my f/flyer account.
Account locked, too many invalid PIN attempts.

Someone's trying to get in.

Had to reset my PIN.

 

[RooFlyer]

yeah WTH is going on with that? was the second a legit QF email? This is a total coughshow.

Same here. I received the first one yesterday evening, addressed to 'Dear Horatio', with 9 points including DOB (same as @DejaBrew's initial bingo card). Then an hour later, addressed just to 'Dear Qantas Customer', with only 3 points (name, email, phone). Both to the same email address - and the only current one I have listed with QF. Any other email addresses are long gone.

I mentioned up-thread that I had transitioned away from some bigpond-e-mail addresses. My first 9-items of data e-mail went to my current one, the one registered with Qantas 12 months ago. OK.

Well, I just discovered that I have also received the second e-mail, only 3 data types one. But its gone to my old Bigpond address!! The last e-mail received from Qantas on that one was June 2024.

Just what the F is going on with this mob?

 

[There'sOnlyOneJimmy]

Just tried to log into my f/flyer account.
Account locked, too many invalid PIN attempts.

Someone's trying to get in.

Had to reset my PIN.

I had the same thing yesterday.
One explanation could be that someone tried to get in.
Another could be that QF have set leaked accounts to force a PIN change.
There may also be others.

 

[AIRwin]

Just tried to log into my f/flyer account.
Account locked, too many invalid PIN attempts.

Someone's trying to get in.

Had to reset my PIN.

Large points balance?

 

[Rangalad]

Large points balance?

250K

Currently booking reward flights to reduce the balance.

Post automatically merged: Yesterday at 10:13 PM

I had the same thing yesterday.
One explanation could be that someone tried to get in.
Another could be that QF have set leaked accounts to force a PIN change.
There may also be others.

That's what I'm hoping QF forced the PIN change.