Slashdot Mirror

← Back to Stories (view on slashdot.org)

Telstra Says Newly Acquired Pacnet Hacked, Customer Data Exposed

Posted by samzenpus on from the getting-to-know-all-about-you dept.

An anonymous reader writes: Telstra’s Asian-based data center and undersea cable operator Pacnet has been hacked exposing many of the telco’s customers to a massive security breach. The company said it could not determine whether personal details of customers had been stolen, but it acknowledged the possibility. The Stack reports: "Telstra said that an unauthorized third party had been able to gain access to the Pacnet business management systems through a malicious software installed via a vulnerability on an SQL server. The hack had taken place just weeks before Telstra acquired the Asian internet service provider for $550mn on 16 April this year. The telecom company confirmed that it had not been aware of the hack when it signed the deal in December 2014."

15 comments

  1. Had it been aware of the hack ... by Taco+Cowboy · · Score: 2

    The telecom company confirmed that it had not been aware of the hack when it signed the deal in December 2014

    Does that mean had Telstra know anything about the hack the deal wouldn't have gone through?

    --
    Muchas Gracias, Señor Edward Snowden !
    1. Re:Had it been aware of the hack ... by Anonymous Coward · · Score: 0

      They would have paid much less, since they can get sued, which could cost meeelions.

    2. Re:Had it been aware of the hack ... by Anonymous Coward · · Score: 1

      This was an SQL vulnerability? Exactly how many more times must this happen before people implementing systems learn to SANITIZE THE FUCKING UNTRUSTED INPUTS?

      Then they will discover for themselves: the thing about slamming your own head into a brick wall over and over again is that it feels so good when you stop.

    3. Re:Had it been aware of the hack ... by Anonymous Coward · · Score: 0

      More likely ASD was performing due dilligence on the deal.

    4. Re:Had it been aware of the hack ... by houstonbofh · · Score: 1

      This was an SQL vulnerability? Exactly how many more times must this happen before people implementing systems learn to SANITIZE THE FUCKING UNTRUSTED INPUTS?

      Startups never will. They only think next quarter and next round of funding or acquisition, so security (and often licensing) is not an issue. But larger companies acquire startups, and then get bit. When will they learn that an accountant is not the best person for an IT audit?

    5. Re:Had it been aware of the hack ... by Anonymous Coward · · Score: 0

      an IT audit?

      Is that a thing that costs money? Why do these IT people always come to me wanting money? They don't make a single thing we sell, why are we pumping money into this cost center without anything to show for it?

      Denied.

      -- Big company.

  2. Do it by Anonymous Coward · · Score: 0

    Hack the Pacnet!

  3. dem haxx0rz by Anonymous Coward · · Score: 0

    r in ur cables, watchin ur pr0nz

  4. Which is why you encrypt by Karmashock · · Score: 1

    With good encryption it should be hard enough to mess with the data that it just isn't worth it.

    --
    I've decided to stop wasting my time responding to AC trolls/sockpuppets... so if you want a response from me... login.
    1. Re:Which is why you encrypt by houstonbofh · · Score: 1

      With good encryption it should be hard enough to mess with the data that it just isn't worth it.

      If they thought like that, they would have scrubbed the inputs before passing them to SQL.

  5. Knowing the targer and interested parties by Technician · · Score: 1

    I immediately thought one of the intelligence orginizations, US, British, or Australian.

    --
    The truth shall set you free!
    1. Re:Knowing the targer and interested parties by mjwx · · Score: 1

      I immediately thought one of the intelligence orginizations, US, British, or Australian.

      Well you can cross Australia off that list, there's no way ASIO is that competent.

      They say that the CIA gets its bad news from CNN, ASIO gets its bad news from Slashdot.

      --
      Calling someone a "hater" only means you can not rationally rebut their argument.
  6. Hacked via SQL server vulnerability? by nickweller · · Score: 1

    "Telstra said that an unauthorized third party had been able to gain access to the Pacnet business management systems through a malicious software installed via a vulnerability on an SQL server"

    Any more technical information as to the technical nature of the Pacnet Hack?