Optus customers claim major online privacy breach when logging into accounts
Optus customers have flooded social media to complain about suspicious account activity, claiming they have been victim to “major privacy” breaches when logging into their accounts.
- People complained of seeing other customers’ contact information
- Optus says it’s aware of the issue and has been responding to customers on Twitter
- It follows reports of a phishing email claiming to be from Optus
Users described receiving emails regarding billing and when they attempted to log into their accounts, and found themselves being logged in as “Vladimir” before their screen refreshed on a loop.
Optus confirmed to the ABC that it was aware of the issue.
Sucheta G wrote on Twitter that she received a suspicious email claiming her bill was $300 when it should be $100 under her usual plan.
“I logged into my account and it said, ‘Hi Vladimir’. I have a screenshot. What’s the go??! “
Another user tweeted they too were being logged in as Vladimir.
“Yo someone tell @optus some s**t is going down with My Account.”
“Page refreshes every 2 seconds and when I managed to click into my account (chrome auto fills my deets) I was Vladimir? Yea I ain’t Vladimir.”
Customer Daniel Grallelis said he was able to see another customer’s personal information when he logged in under his account.
“Optus, I just logged into My Account to check my bill, and I was automatically logged in as a different customer — with their name, mobile number and account number in plain view for me to see,” he tweeted.
“This is a massive breach of privacy.”
Customer James Webster described the website as “dangerously broken”.
“My Account login is dangerously broken at the moment, I was just logged in as some other user. An attempt to log back in is now resulting in an infinite loop,” he tweeted.
It follows reports of a phishing email which claims to be from Optus and asks users to click on a link to a PDF of their invoice containing malware.
Optus said the scam email has been circulating since August last year.