# I am the Watcher. I am your guide through this vast new twtiverse.
#
# Usage:
# https://watcher.sour.is/api/plain/users View list of users and latest twt date.
# https://watcher.sour.is/api/plain/twt View all twts.
# https://watcher.sour.is/api/plain/mentions?uri=:uri View all mentions for uri.
# https://watcher.sour.is/api/plain/conv/:hash View all twts for a conversation subject.
#
# Options:
# uri Filter to show a specific user's twts.
# offset Start index for query.
# limit Count of items to return (going back in time).
#
# twt range = 1 8
# self = https://watcher.sour.is/conv/rfs6lza
For my fellow Australians, I hope none of you use Optus for any ISP services 😬
If so, keep an eye out on haveibeenpwned.com over the coming days. 10,000 records are being released for the next 4 days until Optus pays the extortion fee. I don't think this is likely considering they've already engaged the AFP (Australian Federal Police).
For those abroad who aren't familiar with this, Optus (an ISP) has suffered a data breach. The data that has been exposed is: full name, date of birth, address and potentially government documents such as driver's licence, passport and Medicare number (public health care number). There's evidence of 55 Medicare numbers being exposed in the first batch of 10,000 records that have been released today.
It's rumoured that the attacker(s) were able to access an API that linked to a test environment that didn't require authentication. This environment had access to Optus' production customer databases.
The very fact that we continue to fucking store "Personal Identifiable Information" at all astounds me 😳 -- Yes okay fine, there are commerce laws around "Know your customer" apparently, in which case, why da fuq do companies continue to store PII in the clear in databases and systems so easily hacked?! 🤦‍♂️ Encrypt it at rest FFS 🤣
@prologic I've been learning very fast that mostly investing further money into the already barebones budget IT/Security is usually seen as a poor Return On Investment. I'm sure you know from your Facebook days, but even AU companies would rather pay massive fines every 5-10 years than focus on security. I think part of the issue is the high prices currently put on security solutions but a huge component is compliance > competence.
Also very telling that the old CISO left Optus 3 weeks prior to the breach. Sounds like some very shitty decisions from the top.