Australian telecom provider Telstra recently reset the passwords of up to 230,000 users of Telstra’s BigPond GameArena and Games Shop Web sites. While the information accessed was limited to 35,000 users names, email addresses and encrypted passwords, the company says it reset the larger number of passwords as a precaution.
The company says no financial or credit card details were accessed.
“Telstra said that while all password data stolen off the site was encrypted, users who used the same password on other sites should consider resetting that password as well,” notes Technology Spectator’s Harrison Polites.
“The Office of the Australian Information Commissioner confirmed the Privacy Commissioner, Timothy Pilgrim, was investigating the incident,” writes The Sydney Morning Herald’s Ben Grubb. “Pilgrim said in a statement that it was ‘worrying’ that hacking incidents like Telstra’s were ‘occurring more often.'”
“Last year, a third-party customer-service provider used by BigPond was taken offline after an exposure that resulted in around 60,000 password resets, while in January, customer data was posted to a cloud-based spreadsheet,” writes The Register’s Richard Chirgwin. “In both cases, the data breach was the result of process failures rather than external attacks. Perhaps because of the criticism it suffered in those two incidents, the carrier has taken the commendable decision both to disclose and to act quickly.”