Pacnet hacked; PayPal customers double-billed; iiNet to offer free legal advice for alleged pirates

Last Wednesday Telstra revealed that its new subsidiary, Pacnet, experienced a security breach earlier this year that allowed a third party access to Pacnet’s corporate IT network.

According to Telstra, the breach occurred before it had fully completed its acquisition of Pacnet. Telstra announced its US$697 million acquisition of Pacnet in December last year and completed the acquisition in April this year.

“The breach occurred prior to Telstra taking ownership of Pacnet and Telstra was made aware of the breach on finalisation of the purchase on 16 April 2015,” a statement from Telstra said.

A Fairfax report said the intruder gained access to Pacnet’s corporate network on 3 April this year.

Telstra Group Executive of Global Enterprise Services Brendon Riley said, “Our investigation found a third party had attained access to Pacnet’s corporate IT network, including email and other administrative systems, through an SQL vulnerability that enabled malicious software to be uploaded to the network.”

Riley said Telstra has rectified the vulnerabilities that allowed the intruder access to Pacnet’s network.

Telstra stressed that the Pacnet corporate IT network is “not connected to Telstra” and that “there has been no evidence of any activity on Telstra’s networks”.

Interestingly, a Fairfax report on the breach claims that Telstra is considering legal action against the three investment management companies that it bought Pacnet from, because they didn’t mention the breach until after the deal had been completed.

According to Fairfax’s unnamed sources, the fact that Telstra was not told about the breach until the acquisition was finalised angered Telstra management.

PayPal customers double-billed

PayPal has admitted to an error that led to some customers being billed twice for transactions.

Last Thursday the company posted a statement on its page acknowledging the error.

“We’re aware of an error that’s resulted in some of our loyal PayPal customers experiencing duplicate transactions when they only completed one transaction through their PayPal account,” the statement read.

The company went on to say that affected customers would be reimbursed, including “all fees incurred as a result of the issue”, such as overdraw fees.

PayPal apologised to the affected customers and indicated that funds would be returned to affected customers within three business days.

A little over 24 hours later the company posted another statement, saying: “We have processed 100% of the refunds and it’s common for banking institutions to apply this to individual customer accounts within 24 hours. The majority of impacted customers will receive the reimbursement into their bank account today.”

However, customers over the weekend claimed to be still experiencing problems, both with the reimbursement and the initial double-billing issue.

“[D]idn't get my money back, was told that [I] authorized the payment,” one customer wrote.

“This has just happened this weekend where I've had another transaction double drawn from my credit card. Can someone help me with this as it seems the issue is not yet fixed?” another wrote.

PayPal directed customers needing assistance on the matter to send a direct message to its Facebook account or call 1800 073 263.

iiNet to offer legal representation to alleged pirates

iiNet has indicated that its customers that are accused of pirating the film Dallas Buyers Club will have access to free legal representation to help defend against the allegations.

In a company blog post, iiNet Financial Controller and Company Secretary Ben Jenkins wrote of iiNet’s recent experiences in the Federal Court.

iiNet and several other ISPs appeared in the Federal Court after refusing to hand over the personal details of customers that Dallas Buyers Club LLC and Voltage Pictures LLC suspected of copyright infringement, Jenkins wrote.

“It’s now certain that shortly after 21 May 2015, iiNet will be ordered to hand over the name and physical address details of customers whose accounts are suspected of being used to infringe copyright,” Jenkins wrote.

The iiNet customers in question may subsequently receive a letter from copyright holders, alleging they have infringed copyright.

“If you do receive a letter you may want to get legal advice,” Jenkins wrote.

However, he added that “iiNet is working with a law firm that has offered to provide pro bono services for any of our customers. More details will be provided when agreement is reached on that front.”

Image courtesy Jason Howie under CC