Telstra Says Newly Acquired Pacnet Hacked, Customer Data Exposed
An anonymous reader writes: Telstra’s Asian-based data center and undersea cable operator Pacnet has been hacked, exposing many of the telco’s customers to a massive security breach. The company said it could not determine whether personal details of customers had been stolen, but it acknowledged the possibility. The Stack reports: "Telstra said that an unauthorized third party had been able to gain access to the Pacnet business management systems through a malicious software installed via a vulnerability on an SQL server. The hack had taken place just weeks before Telstra acquired the Asian internet service provider for $550mn on 16 April this year. The telecom company confirmed that it had not been aware of the hack when it signed the deal in December 2014."
Had it been aware of the hack ... (Score:2)
The telecom company confirmed that it had not been aware of the hack when it signed the deal in December 2014
Does that mean had Telstra known anything about the hack the deal wouldn't have gone through?
Re: (Score:1)
This was an SQL vulnerability? Exactly how many more times must this happen before people implementing systems learn to SANITIZE THE FUCKING UNTRUSTED INPUTS?
Then they will discover for themselves: the thing about slamming your own head into a brick wall over and over again is that it feels so good when you stop.
Re: (Score:2)
This was an SQL vulnerability? Exactly how many more times must this happen before people implementing systems learn to SANITIZE THE FUCKING UNTRUSTED INPUTS?
Startups never will. They only think next quarter and next round of funding or acquisition, so security (and often licensing) is not an issue. But larger companies acquire startups, and then get bit. When will they learn that an accountant is not the best person for an IT audit?
Which is why you encrypt (Score:2)
With good encryption it should be hard enough to mess with the data that it just isn't worth it.
Re: (Score:2)
With good encryption it should be hard enough to mess with the data that it just isn't worth it.
If they thought like that, they would have scrubbed the inputs before passing them to SQL.
Knowing the target and interested parties (Score:2)
I immediately thought one of the intelligence organizations, US, British, or Australian.
Re: (Score:2)
I immediately thought one of the intelligence organizations, US, British, or Australian.
Well you can cross Australia off that list, there's no way ASIO is that competent.
They say that the CIA gets its bad news from CNN, ASIO gets its bad news from Slashdot.
Hacked via SQL server vulnerability? (Score:1)
Any more technical information as to the technical nature of the Pacnet Hack?