2022 will go down as the worst year on record for cyber incidents in Australia. After the recent cyber incidents at Optus and Medibank, thousands of customers of energy giant AGL have now been impacted.
I want to be very clear: this incident appears to be very different from both the Optus and Medibank cyber events. It doesn’t involve an unsecured API or sensitive medical history, and it appears to be much smaller in scale, yet it is still important for the customers impacted.
I first received a report from an AGL customer around 7 PM last night. The customer reported an issue with their AGL account and had been unable to log in to their MyAccount page for the last 5 days. This meant they were unable to manage the 3 different services they have with AGL: electricity, gas and internet.
After calling AGL support, the impacted customer spoke with a consultant and received verbal confirmation that a data breach had occurred.
This customer could not access their account as it had been locked due to a third party gaining access.
Yeah not real happy with the situation, have electricity gas and internet accounts with them….
The customer had also seen an error message, “our servers are down”, when visiting AGL’s website for 3-4 days, another indication that all was not well.
On the surface, this could have been a single customer with an isolated issue, so I called AGL’s media division to enquire further. I received verbal confirmation that there has indeed been a cyber incident impacting multiple customers. While they haven’t provided an exact number yet, I can confirm it impacts thousands of customers.
I was informed by the AGL representative that impacted customers had been notified; however, the customer I spoke with confirmed they had received no such notification, outside the phone call they initiated.
AGL also suggested that these accounts had been compromised because customers re-used passwords exposed in previous data breaches.
Unfortunately, that doesn’t seem to align with the details provided by the customer. They checked the publicly disclosed data breaches at https://haveibeenpwned.com/ and the only reference was to an old Tumblr breach.
The customer joined AGL in July of this year and used a different password. It is possible that there is an undisclosed data breach, but this certainly doesn’t explain the account compromise as AGL suggested. I would look to AGL to provide more information on how the account compromises happened at scale and what information was accessed.
AGL has a dedicated page on their website titled ‘Scams, hoaxes and online safety’ where they state ‘We’re serious about security and privacy’. While that may be the case, they haven’t publicly disclosed this incident. Public disclosure is the industry standard and is much better done sooner rather than later, so impacted customers can take action.
If you’re an impacted AGL customer, please let us know in the comments below. Did you get notified?
Below is a statement from AGL on the cyber incident.
“AGL takes customer privacy and protecting customer data very seriously. AGL is aware of elevated levels of suspicious activity on its MyAccount platform. Based on current analysis it appears malicious actors have used stolen credentials acquired externally (such as usernames and passwords used elsewhere by customers) to log into a number of customer accounts.
All AGL customers using MyAccount have been notified of the activity and provided with advice on the importance of using strong passwords, not reusing passwords and the availability of multi-factor authentication.
In the current environment, where customer data is more available due to recent large data breaches, cyber activity of this nature is increasingly prevalent.
I would like to emphasise that there was no data exfiltration through system compromise, as was the case with recent high profile cyber breaches.
We have communicated to potentially affected customers regarding the suspicious activity and to alert them to unusual activity on their account, and they will be required to reset their password the next time they login.
We would remind all AGL customers of the importance of using strong passwords, not reusing passwords and the availability of multi-factor authentication.
We have informed the relevant regulatory bodies, the Office of Australian Information Control and the Australian Cyber Security Association.”
Enable MFA to help secure your account
If you’re not already enabling multi-factor authentication on web services that support it, you need to start now. MFA helps secure your account against attackers by combining something you know (username/password) with something you have (a code from an MFA authentication app).
This means that if your credentials are learned by an attacker, they still won’t be able to access your account. If you do have MFA set up, it is important to only ever approve authentication requests that you initiated (i.e. when you log into your account). If you ever see one you didn’t initiate, it’s likely an indicator your credentials have been learned and you should reset your password immediately.