Telstra has again unwittingly exposed some of its customers' details on the internet, with a spreadsheet of customer details found online.The Australian and Music Feeds this morning flagged a spreadsheet, containing around 1500 BigPond email addresses, postal addresses and telephone numbers, that was freely accessible online.
Telstra confirmed that this had been the case, but said that the site had been disabled within an hour of the company being made aware of it. It believed that the spreadsheet had been created by a consultant to use in training, and not for a malicious purpose. The Australian said that the site also had ticket numbers and descriptions of issues lodged by Telstra customers.
The telco said that there was no reason to believe that the spreadsheet contained passwords or credit card and financial information, but added that it would contact the customers whose details had appeared on the site.
This is the second privacy mistake that the telco has made in the last month. Earlier in December, a Whirlpool forum post revealed an internal Telstra tool that was meant for use by Telstra employees to search customer records by a customer's last name, reference number, billing account number or sales-force number, but wasn't protected by any authentication method, such as a password.
Using the tool, anyone could access information about a Telstra customer's Bundle orders, including their plan, billing account numbers, first and last names and notes about their account. Telstra closed access to the tool, and, as a precautionary measure, it also disabled its online billing, BigPond self-care and My Account functions on its website for a brief time, and reset the passwords of around 60,000 customers.