QANTAS Cyber Incident

DejaBrew said:
It's basically a case of one group of FF members arguing "...I'm more heavily impacted so you should have communicated to me earlier instead of pushing a "nothing to see here" agenda with those who had nothing overly meaningful leaked" vs another group of FF members who would be arguing "...why did you keep me waiting and worrying for so long before telling me I was on the lower end of the impact scale?"
Click to expand...

There'sOnlyOneJimmy said:
Here’s another twist in the tail…
Mrs Jimmy got the 3rd email on Wednesday saying Name & Email data leaked.
Now today, Friday at about 5pm (trash time), she gets another one (4th), saying ooops, we leaked your Phone Number too…

Edit: And now I have a 4th email to also include Phone Number.
Click to expand...
So I got email #3 at 2230 last night. Scored a healthy 10/11. I’ve never had a meal preference. Mr Seat 0A got 9/11 - gender and meals missing. Felt angry.

Then 30 mins later emailed #4. With only 4 items. Felt confused.

I bet QF did not select angry and confused as words they wanted their brand to evoke with customers the last time they did a brand workshop.

Come on QF not good enough.




IMG_6147.png
 

Attachments

  • IMG_6146.png
    IMG_6146.png
    210.7 KB · Views: 4
mrsterryn said:
Interesting that Qantas isn't there yet for me
Fairly peeved about the thermonix one
Click to expand...

It likely won't be - unless the thieves decide to put the database out there.

That is a site covered data that's been released typically on the dark web.

At this stage, QANTAS is the only one who has the knowledge of what has gone out as the data itself has not been released, and Qantas won't release that list to that site for privacy reasons.
 
Check out the latest credit card signup bonus point offers
Read our AFF credit card guides and start earning more points now.

AFF Supporters can remove this and all advertisements

Apologies if this has already been noted in the thread.

This morning I logged into Qantas and discovered that under the 'My Profile" tab a new section has been added - Check your data Cyber incident 2025.

This may be of use to those receiving conflicting notifications about which data has been leaked.
 

Attachments

  • Screenshot 2025-07-13 at 6.42.21 am.png
    Screenshot 2025-07-13 at 6.42.21 am.png
    18.9 KB · Views: 24
Zoneboarder said:
This morning I logged into Qantas and discovered that under the 'My Profile" tab a new section has been added - Check your data Cyber incident 2025.

This may be of use to those receiving conflicting notifications about which data has been leaked.
Click to expand...

Unfortunately that section of the website contains no new information - it just lists the same fields that were emails BUT doesnt bother to tell you the value in the fields that was leaked.

Would like to know what specific addresses were leaked and what phone numbers were leaked and whether it was First name + Middle Name + Last Name (per ticketing) or just First name + middle initial + Last Name (per profile default).
 
Seat0B said:
So I got email #3 at 2230 last night. Scored a healthy 10/11. I’ve never had a meal preference. Mr Seat 0A got 9/11 - gender and meals missing. Felt angry.

Then 30 mins later emailed #4. With only 4 items. Felt confused.

I bet QF did not select angry and confused as words they wanted their brand to evoke with customers the last time they did a brand workshop.

Come on QF not good enough.




View attachment 457413
Click to expand...
Same for me - its unbelievable and makes me so angry!
 
TheRealTMA said:
Simple. Use a personal algorithm related to the site such as AFFmember123#4$ etc.

There are many password managers including Norton etc but good idea to convert to newish passkey system if you can.
Click to expand...
That's one lesson that I hope comes out of this. On the haveibeenpawned website, my email address has been in 12 past 'events', but I haven't suffered any losses. Mainly I think to practising a strong password hygiene, as I have worked in the assumption my email address and other details have been out in the wild for years (iTWire - You have zero privacy. Get over it.)

I use a process like @TheRealTMA so I have a different password for each site I use. That gets away from the problem where a criminal can reuse the same password to get into sites.

Some good information here Set secure passphrases | Cyber.gov.au
 
There'sOnlyOneJimmy said:
I had the same thing yesterday.
One explanation could be that someone tried to get in.
Another could be that QF have set leaked accounts to force a PIN change.
There may also be others.
Click to expand...
Someone entered their qff number incorrectly, as your number. I know I've locked other people's accounts in places - including at work - many times before
 
kookaburra75 said:
That's one lesson that I hope comes out of this. On the haveibeenpawned website, my email address has been in 12 past 'events', but I haven't suffered any losses. Mainly I think to practising a strong password hygiene, as I have worked in the assumption my email address and other details have been out in the wild for years (iTWire - You have zero privacy. Get over it.)

I use a process like @TheRealTMA so I have a different password for each site I use. That gets away from the problem where a criminal can reuse the same password to get into sites.

Some good information here Set secure passphrases | Cyber.gov.au
Click to expand...
Great recommendations and they definitely should be followed. The one remaining challenge we have though, is that with very enriched data sets being available to hackers, they don't need your passwords anymore. They simply use their social engineering techniques to bypass this vector. eg.

Hi, my name is ABC, my FF is, I have forgotten lost phone which has all my passwords encrypted on it...... my DOB is, my address is, my email is, my phone is, my medicare number is, my drivers licence is, my passport number is, my street address is....... can you reset my password.....

While many staff will be will trained to stop this attack vector, since we are talking about millions of customers data and 100's of thousands call center staff, some will get through...... they just did get through this vector, with the Qantas centre in Manila!!! This is the new frontier.
 
GrahamBRI said:
Great recommendations and they definitely should be followed. The one remaining challenge we have though, is that with very enriched data sets being available to hackers, they don't need your passwords anymore. They simply use their social engineering techniques to bypass this vector. eg.

Hi, my name is ABC, my FF is, I have forgotten lost phone which has all my passwords encrypted on it...... my DOB is, my address is, my email is, my phone is, my medicare number is, my drivers licence is, my passport number is, my street address is....... can you reset my password.....

While many staff will be will trained to stop this attack vector, since we are talking about millions of customers data and 100's of thousands call center staff, some will get through...... they just did get through this vector, with the Qantas centre in Manila!!! This is the new frontier.
Click to expand...
And I just wonder what information was provided at the initial phone call to Manila that resulted in being granted access to the data base. This is the actually the first data breach and not the 6 million FF'ers.

So how did those credentials to the data base get leaked?
 

Become an AFF member!

Join Australian Frequent Flyer (AFF) for free and unlock insider tips, exclusive deals, and global meetups with 65,000+ frequent flyers.

AFF members can also access our Frequent Flyer Training courses, and upgrade to Fast-track your way to expert traveller status and unlock even more exclusive discounts!

AFF forum abbreviations

Wondering about Y, J or any of the other abbreviations used on our forum?

Check out our guide to common AFF acronyms & abbreviations.

Recent Posts

Currently Active Users

... and 12 more.
Total: 4,434 (members: 62, guests: 4,372)
Back
Top