QANTAS Cyber Incident

[Hadun]

I don’t want a new number for my FF account!
And I’m not sure they can do anything with the FF number alone, except a scam text or email. Hopefully most people can avoid those!

I mean with the info they have from this they can't really do anything credit or ID related. Which only leaves QFF account access or simply more spam and phishing which seems pretty low value all things considered. I personally hold no sentimental value for my number and would rather eliminate one more potential path of intrusion even considering MFA. Speaking of which do they actually verify by MFA when you ring their call centre?

 

[Flyingwombat]

I mean with the info they have from this they can't really do anything credit or ID related. Which only leaves QFF account access or simply more spam and phishing which seems pretty low value all things considered. I personally hold no sentimental value for my number and would rather eliminate one more potential path of intrusion even considering MFA. Speaking of which do they actually verify by MFA when you ring their call centre?

Not true for those of us who had everything released. There is a lot you can do if you know someone's email, address, dob, phone number - think of the companies you interact with who use these things to verify. Not all have MFA set up. Yes if you have just had name and FF number released, it is all ok. But not for those of us in the other bucket of people!

 

[Pushka]

Not true for those of us who had everything released. There is a lot you can do if you know someone's email, address, dob, phone number - think of the companies you interact with who use these things to verify. Not all have MFA set up. Yes if you have just had name and FF number released, it is all ok. But not for those of us in the other bucket of people!

That's pretty much what Optus released of my info. Plus drivers licence. Not FF number. Nothing happened. Drivers licence is more critical. Most companies also ask for secret word or number.

 

[Flyingwombat]

That's pretty much what Optus released of my info. Plus drivers licence. Not FF number. Nothing happened. Drivers licence is more critical. Most companies also ask for secret word or number.

I don't agree. I deal with loads of companies who ask for name, confirm DOB, address and phone number. Then they open up your records. Luckily banks are no longer like this but these scammers can patiently build up a profile over years. Obviously I can't change my date of birth! I actually think it would be preferable to have driver licence and credit cards released. At least you can change those fast. Latitude released my licence number but I could change it the next day. Not same as DOB...

 

[Aeryn]

Updated their site and also picked up by media:



An injunction might hold weight if a legit Aussie based company stole/bought the data; but if the scammers/hackers have sold it to overseas scammers or published on dark web not sure a NSW court order can do anything useful.

 

[Flyingwombat]

Updated their site and also picked up by media:

View attachment 458368

An injunction might hod weight if a legit Aussie based company stole/bought the data; but if the scammers/hackers have sold it to overseas scammers or published on dark web not sure a NSW court order can do anything useful.

Sadly it is window dressing... it was illegal to obtain the info in the first place via deception... so what will this injunction do. The data will be sold on dark web at some point - and what will NSW SC do for us??

 

[shuuy]

How many points are we talking?

Do you know the specifics of what data he had leaked?

300k points. They had the 9 points of ID identified. Given the QF system and traceability, no worries to get them back.

On the other hand: using their name address email DOB and mobile to change mobile to a different number on all other utilities and government applications is frightening

 

[shuuy]

Bloody hope not, I realise others here have joked about getting compensated with points or status but would it really kill them to issue us with new numbers at the very least? Not to mention if this all blows over as is then has it actually cost them anything apart from maybe staff overtime? I mean the help they've offered are all free or gov resources right?

But isn’t it cool to show off your 6 or 7 digit QF number because we are all OG’s?

 

[MEL_Traveller]

But isn’t it cool to show off your 6 or 7 digit QF number because we are all OG’s?

Do they go as high as 6 digits?

 

[RooFlyer]

I mean with the info they have from this they can't really do anything credit or ID related. Which only leaves QFF account access or simply more spam and phishing which seems pretty low value all things considered.

Again, its not just about this data - its about the possible aggregation of this data with other data on you out there, or maybe updating some (e-mail, phone). Wait until the peaks align and there could be a lot more damage than sone nicked QFF points.

Interestingly mrsdoc got the last (3rd) email and had slightly less data breached, but neither of the first two.

So can some-one tell me how that works?

 

[msam95]

Sadly it is window dressing... it was illegal to obtain the info in the first place via deception... so what will this injunction do. The data will be sold on dark web at some point - and what will NSW SC do for us??

It’s to stop the pesky Australian media outlets from going on the dark web when it eventually gets released showing how bad the leak is and the disconnect between what Qantas’s word treatment is, and what is reality

Of course Qantas won’t be fully forthcoming, so of course they’ll use some legalise to snooker the media outlets options of reporting it fully later with samples of information(like previous leaks/hacks)