Coles
Telstra
Australia Post
Medibank
NAB
Tasmanian Government
University of Tasmania
Suncorp
ALDI Australia
Jetstar
Macquarie Group
Target
Scentre Group
Commonwealth Bank
Queensland Rail
Programmed
I reckon (a guess only) that Seek/etc have their own engines that will/have been/might be hacked/covered up/etc separately … it’s never a question of if, but when - and whether they can deny it happened …
Australian authorities helping PageUp People recover from a security incident say that while some data was likely accessed by an unauthorised party, there is no evidence so far that it was exfiltrated.
Really?
To date, PageUp People has never definitively said it was breached; only that “on the balance of probabilities” some data was accessed by an unknown attacker.
“the balance of probabilities” is code for “we reckon”?
What that attacker did with - or can do with - any data accessed could be of limited value, the ACSC, OAIC and IDCARE jointly said.
“While recognising that investigations are ongoing and that the situation may therefore change, the ACSC emphasises that there is a significant distinction between information being accessed (which means there has been a systems breach) and information being exfiltrated by the offender,” it said.
“In other words, no Australian information may actually have been stolen.”
I’m having trouble not labelling that as “weasel words” … if it was my account where the “information” was “accessed” I’d have a hard time seeing a difference between that and exfiltration in the pure sense of impact on my privacy - playing semantics isn’t very reassuring. I’m guessing they either know a lot more than they are telling, or think they do, or maybe a lot less and are clutching at straws … but my belief is what we are hearing is very very “sanitised”.
Also last night, PageUp People clarified its weekend disclosure that failed login attempt data up to 2007 may have exposed some password information in clear text.
It said last night that “a small number of PageUp error logs from before 2007 may have contained incorrect failed passwords in clear text”.
In other words, the log file contained mistyped versions of passwords rather than the actual passwords themselves.
Wow. Coding at its finest. Are we expected to believe this was the only part of the code written by a Muppet?
This all leaves a very bad taste in my mouth because of what I’ve been involved in. I think times are better now, with the oversight of “privacy” (to the extent privacy even exists) - at least it might serve to keep some organisations honest, unlike back in the days when there was nothing. I’m still fairly convinced whistle-blowing would still be career suicide, but that’s another story …