Slashdot Mirror


Telstra BigPond Passwords Leaked

Lord Cyric writes: "Telstra, DownUnder's biggest and baddest telco, has had a major security breach yesterday when a sample of its BigPond Internet password list was posted on various newsboards. The Australian Broadband Users Group (ABUG) has confirmed that this is not a hoax. This hack exposes the passwords for most of Telstra's Internet services (dialup, cable & ADSL). With all the bad press Telstra has been receiving lately over its shoddy ADSL rollout and download caps, they certainly didn't need this ..." This site is not exactly the Telstra P.R. department.

2 of 97 comments

  1. Not a hoax? by wolvie_ · Score: 5
    The Australian Broadband Users Group (ABUG) has confirmed that this is not a hoax.

    What? The site which originally broke the story (CORE) have now posted another article saying Telstra's servers were probably not cracked. Specifically:

    Sub7 or some other "netbus" program has been used to leech the accounts off the users' machines. This is at the moment the scenario I favour...

    Sure, Telstra fucked up their ADSL network and extremely pissed off many users with their download caps, but there isn't proof yet that they screwed up on this too.

  2. liable? by rneches · Score: 5
    Does the law in Australia allow companies to be held liable for breaches in security? It seems to me that it would be bad faith at the very least. On the other hand, I can't think of an example where a company
    • had crappy security
    • got hacked, hurting their users and customers in a tangible way
    • were sued by their customers
    • lost/settled with their customers
    As far as I can tell, the hackers are the ones considered culpable, not the incompetent admins who let them in. Is there a legal basis for this, or is it just the way things work? Or am I being paranoid?

    --
    In spite of the suggestions and all the tests that I have made, I have not cavato a spider from the hole.