The Dark Night Online - Why every Australian should take the CYBER ATTACK on Australian Telcos seriously and what Optus advises.
Two days ago, I predicted that we would see attacks on Australian Telcos. Yesterday, Optus revealed a major breach. More breaches will follow in the next 24-hours. (Recommendations and insights below the video and links.)
WATCH THE OPTUS ALERT
If you are an OPTUS mobile user, you should first change your financial logins immediately, with no authentication detail like any detail previously registered at Optus. Then change ALL your website logins and passwords.
Why is this so important?
All Australian online infrastructure is now at risk.
Let's walk through this.
TWO FACTOR AUTHENTICATION (2FA)
2FA simply means that two different forms of identity confirmation are used to gain access to an account online. Banking and Cryptocurrency Wallets are commonly among the SaaS (Cloud) infrastructure protected by 2FA (Two Factor Authentication) primarily through MOBILE and secondarily by email confirmation.
THREE FACTOR AUTHENTICATION (3FA)
Telcos introduced 2nd tier defence against this by adding a 3rd factor of authentication for account changes, with the account holder giving a private detail, only they could know. Use 3FA for account changes has provided an additional layer of protection.
COMMON LOGIN & PASSWORDS
However, now that the OPTUS database is compromised, and because people commonly use the same login and password details across accounts, this now compromises 100% of SaaS platforms in Australia. Both 2FA and 3FA are compromised.
Crypto Criminals need only clone a mobile or steal identity details to gain access to 2FA. They have been doing this for years.
Came across this through a client case, where a criminal had successfully trolled and phished a client password, then called up and took over the Telco account, ordered a new sim and then reset 2FA at the exchange wallets.
This breach will lead to massive consumer losses.
Not just directly from Optus, but due to the access that criminals now have to hundreds of thousands of identities and websites.
NEED A SECURITY AUDIT?