2022-09-24 16:28

Optus Hack, now what?

The Optus Hack will take the number 1 medal for Australia's worst information leaks. 11.2m customers have had some or all of the following data captured by shady internet characters:

  • Full name
  • Date of birth
  • Gender
  • Mobile Number
  • Address
  • Driver's License number
  • Passport number

This is as serious as it gets, so do not wait for Optus or the Government to step in and help. Gear up and play defence. Here's what you should do next (and this is exactly what I'm telling my mum to do...):

1. Lock down your credit information

You can request that credit reporting companies temporarily stop credit history reporting. This will prevent fraudulent credit applications using your details from being approved:

2. Move your phone number to a different provider

Given the technical details of the hack, it would be kind to say that Optus is incompetent at best, and grossly negligent at worst. Move your service to another company. And if you are able, change your phone number too. This will reduce the risk of hackers matching your phone number and e-mail address across other services you use, and gaining access to them through social engineering or phishing attacks.

3. Create/move your e-mail to an encrypted e-mail provider

Consider creating a new e-mail address with a reputable encrypted e-mail provider. I use and recommend ProtonMail. It looks and feels like GMail, is encrypted (they can't see or use any of your data for advertising), and has great iOS and Android apps.


4. Use unique e-mail addresses for your online service accounts

ProtonMail and GMail both allow you to append a '+' symbol and a label to your e-mail username to generate unique e-mail addresses. This makes it harder for hackers to match and use your e-mail address across different services. For example, your video streaming e-mail addresses/logins can look like this:

  • johndoe+netflix@protonmail.com
  • johndoe+hulu@protonmail.com
  • johndoe+stan@protonmail.com

All e-mails sent to these addresses still end up in your single e-mail Inbox.
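An added example, not part of the original post: because each service gets its own tagged address, mail that arrives at a tag from a sender you never gave it to suggests that address was leaked or shared. The sample messages and the expected-sender mapping below are constructed assumptions.

```python
from email import message_from_string
from email.utils import parseaddr

# Constructed sample mail (not real messages). The From header can be forged,
# so a mismatch is a reason to look closer, not proof of a leak.
SAMPLE_MESSAGES = [
    "From: info@netflix.com\nTo: johndoe+netflix@protonmail.com\nSubject: Receipt\n\nhi",
    "From: prizes@win-a-phone.example\nTo: johndoe+stan@protonmail.com\nSubject: You won\n\nhi",
    "From: billing@mail.hulu.com\nTo: johndoe+hulu@protonmail.com\nSubject: Invoice\n\nhi",
    "From: offers@unknown.example\nTo: johndoe@protonmail.com\nSubject: Hello\n\nhi",
]

# Assumed mapping: the sender domains you expect for each tag you handed out.
EXPECTED_SENDERS = {
    "netflix": {"netflix.com"},
    "hulu": {"hulu.com"},
    "stan": {"stan.com.au"},
}

def plus_tag(address):
    """Return the label between '+' and '@', or None if the address is untagged."""
    local = address.rpartition("@")[0]
    _base, sep, tag = local.partition("+")
    return tag.lower() if sep and tag else None

def sender_allowed(sender_domain, allowed):
    """True if the domain is an expected domain or a subdomain of one."""
    return any(sender_domain == d or sender_domain.endswith("." + d) for d in allowed)

def find_leaked_tags(raw_messages, expected=EXPECTED_SENDERS):
    """Return sorted (tag, sender_domain) pairs where a tagged address
    received mail from a domain not expected for that tag."""
    findings = set()
    for raw in raw_messages:
        msg = message_from_string(raw)
        to_addr = parseaddr(msg.get("To", ""))[1]
        from_addr = parseaddr(msg.get("From", ""))[1]
        tag = plus_tag(to_addr)
        if tag is None:
            continue  # untagged mail tells us nothing about which service leaked
        sender_domain = from_addr.rpartition("@")[2].lower()
        if not sender_allowed(sender_domain, expected.get(tag, set())):
            findings.add((tag, sender_domain))
    return sorted(findings)

if __name__ == "__main__":
    for tag, domain in find_leaked_tags(SAMPLE_MESSAGES):
        print(f"address tagged '+{tag}' received mail from unexpected sender {domain}")
```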

5. Move to One Time Use Virtual Credit Cards

As an Australian living in America, I use Privacy.com to generate unique credit card numbers for all my online purchases to protect me against credit card fraud. Privacy.com is unavailable in Australia, but I've heard these companies provide a similar feature:

6. Get a Password Manager

Never re-use passwords. Ever. To manage this, you should install a password manager, either 1Password or LastPass. I've used both, but prefer 1Password. It has mobile apps and browser plugins, and will autofill your usernames and passwords:


1Password also has a feature called "WatchTower", which will monitor security breaches/hacks across the internet and tell you when you need to update your password:


Install this, and update your passwords on all your Internet services. 1Password will automatically generate unique and hard to break passwords for you!

7. Consider changing your driver's license number

Most Australian states allow you to do this, and it's worthwhile:

8. Stay vigilant

Standard defensive practices apply:

  • Don't click on links sent to your SMS/e-mail/Facebook/Whatsapp/whatever unless you're expecting them.
  • Hackers/scammers will use personal information leaked from Optus to make phishing attacks look and feel more authentic.
  • If someone calls you representing a government agency or commercial service, ask for their name, and call them back on the company's/agency's official number. If they're official, they'll answer on that number.

Report any issues/theft to the various government agencies that help victims of cyber crime. Follow the instructions here.