Posts

Showing posts from November, 2022

Inner Joined Data Breaches

Image
Optus Breach and Medibank Breach: A Breach Made in Hell  Problem: In the past few weeks there have been a whirlwind of data breach news from  Optus and then  Medibank . Anyone in Australia knows that these are two gigantic service providers in the country serving a huge portion of the population. Therefore the data stolen are horrendously massive, and when combined, extremely deadly. Let's have a look at Optus vs Medibank data stolen according to news:  As we can see, either data from Optus breach or Medibank breach alone provides ONE PRIMARY ID which is sufficient for a hacker to: Register a new phone number Open Buy Now Pay Later account Open crypto account in Centralized Exchange etc (not going to list all of them for security reason) To make things even worse, if someone got their hands on both of them and join them together: Basically they will produce a complete identity of a person with TWO PRIMARY ID  documents. With those documents, a hacker can: Access the victim bank ac