Telstra & Optus Privacy & Account Security

Wondering if anyone has had any issues with Telstra adding authorities to their account. I received an alert that a person was being added to my account to have full authority. I went online, did the 2-step authority to identify me, to get to MY account, and there was a stranger’s name added to my account waiting for Telstra authorization.

I called Telstra, and the assistant explained the following reasons. 1) I must have accidentally clicked something and added this person. 2) Just delete the text, don’t worry. 3) You may have just forgotten you did it.

Unbelievable. After 15 minutes of reiterating that it wasn’t a text, that this stranger had been put on my account, I insisted the matter be escalated. I had an update; again they tried to say I did it. Then I stated that the only way to do this without going through the identity check is that Telstra has done it in error. In the end the operator finally agreed this is “probably what happened”, but it’s still being investigated.

Frightening that if I hadn’t persisted and had them removed, the new person could have blocked me from my own account and I couldn’t do anything about it.

8 Likes

Welcome to the community.

Thanks for informing us of this problem, and that you got it sorted out due to your dogged persistence. Great result.

Telstra does not have a good reputation when it comes to customer service, and you have highlighted another example of poor responsiveness from a Customer Service member.

I suggest that you keep checking until you are sure the other person is completely removed from your account.

Once the process is complete, leave it for a while, and then go back and check to make sure Telstra hasn’t reverted back to having the person on your account. I know of multiple experiences where updates/changes mysteriously rolled back to old information.

3 Likes

I am terrified that Telstra staff do not understand the risks associated with such a change. If they were doing their jobs properly there should be several layers of authorisation when adding a new person to someone’s account - including a layer that actually stops and thinks “is this logical?” and is required to obtain permission directly from the account owner before taking any further action.

Document your discussion. Contact Telstra again if the issue has not been resolved by now, and make clear that you have not authorised such a change. You really need to move fast when someone may be trying to hijack your account, and at this point you want to make clear that Telstra owns all of the blame for anything that happens to your account based upon this unauthorised change. That may include stealing bank details, your online accounts, anything that is linked to your phone number and that some stranger by implication can now socially engineer.

6 Likes

For many years during my professional life I had to deal with Telstra. The most accurate thing I learnt over those years is that dealing with Telstra is its own punishment.

I’m now with Pennytel which is a Telstra reseller. I get access to the Telstra network (which still has the best overall coverage) without ever having to deal with Telstra. Win/win.

7 Likes

I adjusted the topic to include Optus. This, priceless.

3 Likes

And alarming!

The person had transferred her phone number from Optus to another carrier some months earlier. It sounds like Optus must not have removed the number from its registry, instead marking it as unallocated. So it could at any time have been issued to a new customer, and that’s what happened last Monday.

If she had complained to her current telco as well as to Optus, there might have been quicker action, because Optus had issued a number that they had no authority to use.

Also, the Optus SIM issued to the new customer wouldn’t have been working. The number was still assigned to the real owner’s SIM, which was now receiving calls and texts intended for the new Optus customer.

That new customer must surely have been complaining about the SIM not working, and also not getting any satisfaction. Very likely there were several SIM replacements, none of which would’ve worked.

Optus wasn’t much help to either person. :worried:

4 Likes

Disturbing, considering mis-assignments of numbers and possibly also accounts have a long history.

Similar happened to one of our family, with one difference: they were an active Optus customer at the time. A second twist was that the number and service were supposedly transferred concurrent with an in-store transaction: the issuing of a replacement SIM to a customer more than 2000km distant.

What followed was stressful and incomprehensible. The event is now more than 10 years old.

P.S. to note:
Mobile Phone Number Porting Fraud/Identity Theft - #22 by Fred123

3 Likes

That may be an untested assumption. In particular, as I noted in the other topic that contains this story, it could depend on whether the existing customer (existing lessee of that number) ported to another network. The reverse possibility is that the existing customer’s phone wasn’t actually working for callers on the Optus network and she didn’t notice (over the period of six months).

I guess this is a gap in the story: find the new customer (who may come forward now that this story has been published) and establish what the process looked like from the other side.

Imagine if the new customer tells everyone his or her new number, only to have a different new number issued after this problem got sorted out, and then has to go through the whole process again of advising the new number.

Both of these stories illustrate why I prefer to receive 2FA verification codes by something other than SMS. There are just too many things that can go wrong, either through fraud or through human error.

This is the flip side of the market efficiency and convenience of Number Portability - although number quarantining and reuse plays a part too.

Actually, it IS an untested assumption. :smile: I confess! It was a guess - but to me, it seemed the most likely scenario, assuming that the person had ported her number to one of the other networks.

There are other possibilities, as you point out.

A nasty mess for the people involved, whichever way you look at it. :worried:

Number portability isn’t the problem when a carrier can issue the same number to two of its own customers, as mentioned by @mark_m. The problem is one of incompetence and of failing to design adequate checks into processes.

2 Likes

Except not in fact. Only one is an Optus customer (“Melbourne woman” ceased to be a customer six months ago.) For sure it’s a stuff-up though.

Human error is a part of every process. I too wondered though whether the inconsistency should have been caught somehow by automatic checks but once she leaves the Optus network (if that is the case), Optus has much more limited information about the state of her service and the phone number. There may even be Chinese walls (in lieu of structural separation) between Optus-the-Network and Optus-the-mobile-service-provider, designed to make a level playing field for the MVNOs, that frustrate resolution of this kind of issue.

The real point about 2FA is that the second factor is supposed to be “something you have”. That “something” is, in this case, supposed to be a specific mobile phone (yours!). The mobile phone number that the web site has recorded for sending the SMS to is supposed to correspond exactly to your mobile phone - but the correspondence is far from exact.

In other words, a specific mobile phone is a concrete, physical real-world item but a phone number is highly virtualised - and can pop up in different places due to a range of technologies.