Personal information on more than a million Australian Telstra customers was recently made available online.
"The fact was discovered by a Telstra customer who was looking for the company customer support phone via Google and among the search results was offered a link to the 'Telstra Bundles request search' page," writes Help Net Security's Zeljka Zorz. "From this page, anyone could search for account details of any of the company's customers simply by entering their last name, account number, sales force ID or reference number."
"The results of such a search would reveal information such as what services and which plan they are on, information about technician visits, SMS messages, credit check history, email correspondence exchanged between the customer and the company's staff and, on occasion, even their usernames and passwords," Zorz writes.
Go to "Telstra privacy blunder reveals account details of some 1m customers" to read the details.
For regular security news updates, follow eSecurityPlanet on Twitter: @eSecurityP.