undefined | Better HN

0 pointsanakaine3y ago0 comments

And why is it stored in clear text. And why was it exposed to a regular API. And why was real data being used on a dev API. And why wasn't that API secured at all?

These are all really good questions.

0 comments

4 comments · 2 top-level

nineteen9993y ago· 2 in thread

Why was unscrubbed customer data being used in a dev system that was connected to the internet at all.

sumedh3y ago

Perhaps they wanted test data similar to their Prod data.

2muchcoffeeman3y ago

So obfuscate the data before exporting it.

1 more reply

waste_monk3y ago

The answer for pretty much all of these are "woeful incompetence".

Knew a guy who used to work for Optus, he said their business SIP service was constantly getting hacked and their strategy for dealing with it was just to eat the losses and give out account credit like water, because their infrastructure was so outdated and poorly designed that it was functionally impossible to secure.

Honestly, Ausgov should rip Optus to shreds for this... not only for the data breach specifically, but also as a critical infrastructure operator they should be held to a far far higher standard than an ordinary business.

j / k navigate · click thread line to collapse