Six Weeks After We Exposed A Westpac Hack Attack The Bank Comes Clean
Six weeks after we exclusively revealed a hack attack on Westpac, the bank, which is now refusing to pass on the recent Reserve Bank interest rate cut, has come clean, finally admitting that the private details of almost 100,000 of its customers were exposed in a cyber-attack back in April.
This was when we approached the bank after customers were forced to renew their login details.
The bank’s PR department responded with an email claiming “Please note we don’t manage any marketing or advertising enquiries as our website”.
When we finally did get through to their communications team, the company responded, claiming that they do not respond to “Security Issues”.
Yesterday it was revealed that the bank’s real-time payments platform PayID, which allows the instant transfer of money between banks using either a mobile number or email address, had been hacked.
PayID operates like a telephone book, allowing anyone to type in a mobile number or email address and have it confirm the name of the corresponding account holder.
What’s surprising is why Westpac allowed their customers to be exposed to a service that security experts believe can be attacked with what’s called an “enumeration attack”, whereby numbers can be changed at random to find the names and mobile numbers of thousands of Australians.
Even more surprising is why the bank tried to hide the details when we first approached them.
Data security consultants claim that hundreds of Westpac customers are now facing a real threat, as the details gleaned could lead to fraud “on a mass scale”.
This week Westpac were forcing customers to change their passwords.
I am a Westpac customer and I have had to change my login twice this week alone.
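The enumeration pattern described above (one client confirming names for many different mobile numbers or email addresses in a short time) is something a lookup service can flag from its own logs. The following is an added example, not code from Westpac or the PayID platform; the log layout, client ids, identifiers and thresholds are all assumptions constructed for illustration.

```python
from collections import defaultdict, deque
from datetime import datetime, timedelta

T0 = datetime(2019, 1, 1, 9, 0, 0)  # arbitrary constructed start time


def build_sample():
    """Constructed lookup log rows: (timestamp, client id, identifier looked up)."""
    rows = []
    # Ordinary customer: three lookups of two payees spread over ten minutes.
    for k, ident in enumerate(["payee-0001", "payee-0002", "payee-0001"]):
        rows.append((T0 + timedelta(minutes=5 * k), "client-A", ident))
    # Enumerating client: twenty different identifiers, one every two seconds.
    for k in range(20):
        rows.append((T0 + timedelta(seconds=2 * k), "client-B", f"payee-{1000 + k}"))
    return rows


def find_enumerators(lookups, window=timedelta(minutes=1), max_distinct=5):
    """Return {client: peak distinct identifiers seen in any sliding window}
    for every client that exceeded max_distinct within the window."""
    recent = defaultdict(deque)  # client -> lookups still inside the window
    flagged = {}
    for ts, client, identifier in sorted(lookups):
        q = recent[client]
        q.append((ts, identifier))
        # Drop lookups that have aged out of the window.
        while q and ts - q[0][0] > window:
            q.popleft()
        # Count distinct identifiers, so retrying one payee is not penalised.
        distinct = len({ident for _, ident in q})
        if distinct > max_distinct:
            flagged[client] = max(flagged.get(client, 0), distinct)
    return flagged


if __name__ == "__main__":
    for client, peak in find_enumerators(build_sample()).items():
        print(f"{client}: {peak} distinct identifiers within one minute")
```

Counting distinct identifiers rather than raw requests separates a customer re-checking one payee from a client walking through a number range; the same counter can drive rate limiting or a step-up challenge instead of an alert.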