Qantas launches "Aquire" business frequent flyer program.

Status
Not open for further replies.
re: Qantas launches "Aquire" business frequent flyer program.

Red Roo said:
I'm looking into this as a matter of priority.
Click to expand...

Red Roo if there is a security breach I am guessing you wont be able to confirm here given the sensitivity of it.
 
re: Qantas launches "Aquire" business frequent flyer program.

Hands up all those who think ALH needs to be chatting to Lesley at the Rockpool lunch !
 
re: Qantas launches "Aquire" business frequent flyer program.

Have just spoken to the Plat1 Team Member on call and initial response was she will look at it and get back to me at some time tomorrow..... WTF ????

Questioned and pushed and now she is going to see what is happening and will get back when she can

NOT GOOD ENOUGH
 
re: Qantas launches "Aquire" business frequent flyer program.

Ansett said:
Red Roo if there is a security breach I am guessing you wont be able to confirm here given the sensitivity of it.
Click to expand...
First priority has to be fixing it of course.

Hopefully the exposure was minimal, and hopefully there's a way of identifying what accounts were exposed so that those account holders may be contacted. Just because some details were visible doesn't mean that they were noticed of course, or taken advantage of. But it's best to be safe than sorry in those instances.

Given that the issue was identified in a public forum it'd be good practice for Qantas to provide some feedback on the matter which, by virtue of Red Roo's post, has already started - so that's an excellent sign.
 
re: Qantas launches "Aquire" business frequent flyer program.

Jean Prouvaire said:
First priority has to be fixing it of course.

Hopefully the exposure was minimal, and hopefully there's a way of identifying what accounts were exposed so that those account holders may be contacted. Just because some details were visible doesn't mean that they were noticed of course, or taken advantage of. But it's best to be safe than sorry in those instances.

Given that the issue was identified in a public forum it'd be good practice for Qantas to provide some feedback on the matter which, by virtue of Red Roo's post, has already started - so that's an excellent sign.
Click to expand...

Agreed however for me a concern was the response of the P1 team member will have a look at it and will get back to me some time tomorrow is some what inadequate given the potential seriousness of such a security breach given they are supposed to be the best of the best in customer service. The least I would have expected OK I am going to make investigations and will call you back asap and advise what is happening
 
re: Qantas launches "Aquire" business frequent flyer program.

Ansett said:
Have just spoken to the Plat1 Team Member on call and initial response was she will look at it and get back to me at some time tomorrow..... WTF ????

Questioned and pushed and now she is going to see what is happening and will get back when she can

NOT GOOD ENOUGH
Click to expand...

Do you want them to send you flowers?
Or do you need someone to tell you "IT is fixing it right now"
 
While the problem is a worry, I suspect it won't fix itself that quickly
 
re: Qantas launches "Aquire" business frequent flyer program.

Pu Koh said:
Do you want them to send you flowers?
Or do you need someone to tell you "IT is fixing it right now"
Click to expand...

NO what I expect as any other reasonable person would is to have a response that understands that it needs immediate attention not wait until tomorrow... Would you feel the same way if you rang your credit card company and they gave the same response ....... I think not
 
Unlock 20,000 Bonus Points on just $10K in Business Expenses
Turn business expenses into Business Class! Process $10,000 through pay.com.au to score 20,000 bonus PayRewards Points and join 30k+ savvy business owners enjoying these benefits:

- Pay suppliers who don’t take Amex
- Max out credit card rewards—even on government payments
- Earn & Transfer PayRewards Points to 8+ top airline & hotel partners

AFF Supporters can remove this and all advertisements

re: Qantas launches "Aquire" business frequent flyer program.

Ansett said:
NO what I expect as any other reasonable person would is to have a response that understands that it needs immediate attention not wait until tomorrow... Would you feel the same way if you rang your credit card company and they gave the same response ....... I think not
Click to expand...

they'll call you tomorrow when something's been done. I don't think she meant they were gonna wait until tomorrow to do something about it.
 
re: Qantas launches "Aquire" business frequent flyer program.

ALH said:
I wonder who is in charge of Qantas Aquire On-Line Security?

I just went to Join (I pre-registered when it was first advertised). I put my ABN in and started adding data. As I clicked next, I noticed I had missed a field and clicked the arrow to go back a step. While my ABN was still showing at the top of the page, it has brought up someone else's Company Name, the name of the Account Manager, her Qantas Frequent Flyer Number, her phone number, her email address and her Mother's Maiden Name.

I am scared stiff to register for this now. I don't want my personal details out there for everyone else to see when they register for Aquire.
Click to expand...

I reckon I could find out most of that stuff given a name and address with 60 minutes
 
re: Qantas launches "Aquire" business frequent flyer program.

Pu Koh said:
they'll call you tomorrow when something's been done. I don't think she meant they were gonna wait until tomorrow to do something about it.
Click to expand...

Oh so you can read minds now well done...
 
re: Qantas launches "Aquire" business frequent flyer program.

ABC1 said:
I reckon I could find out most of that stuff given a name and address with 60 minutes
Click to expand...

Are you seriously saying that by checking an ABN you could get Mothers Maiden Name Account managers name Password phone number and email address????????

If ASIC was to allow the publication of the above information I would suggest there would be outrage
 
re: Qantas launches "Aquire" business frequent flyer program.

In addition if Red Roo and others were making this a priority with IT after identifying a potential security issue then I would have expected QF it to have closed access to the site until they can work out what the hell is going out yet 2 minutes ago I was able to log in and change passwords and other personal details.
 
re: Qantas launches "Aquire" business frequent flyer program.

Ansett said:
...yet 2 minutes ago I was able to log in and change passwords and other personal details.
Click to expand...

Were you changing your own personal details, or the details of others?
 
re: Qantas launches "Aquire" business frequent flyer program.

ABC1 said:
I reckon I could find out most of that stuff given a name and address with 60 minutes
Click to expand...
:D
So could I, but I wouldn't expect it to be handed to me on a plate. I'd expect to do a little leg work first
 
re: Qantas launches "Aquire" business frequent flyer program.

Fruitcake said:
Were you changing your own personal details, or the details of others?
Click to expand...


maybe it was mine maybe it was others !!!!
 
re: Qantas launches "Aquire" business frequent flyer program.

Ansett said:
Are you seriously saying that by checking an ABN you could get Mothers Maiden Name Account managers name Password phone number and email address????????
Click to expand...
To be fair, the password isn't visible and - as mentioned in ALH's initial post - the ABN (which was the original ABN entered by the applicant) doesn't match the company displayed upon hitting the "back" button.

But, yeah, I agree. Company name (from which the ABN can be quickly found), the Acquire programme's contact's full name and role (owner/director etc), phone number, email address, Qantas FF number and - most crucially - security question and answer (which would most likely be used to reset the password either online and/or via phone, depending on the procedures established) are details not quite as easily deduced as some self-styled hackers might think.

As well the possible exposure to the Acquire accounts that are in play now, the security questions posed are generic enough that they could conceivably be used to hack other systems as well. Ie, many websites use "Mother's maiden name", "Favourite colour", "Town of birth" etc to enable access in the event of a forgotten password, or even forgotten email address.

But hopefully the exposure was/is minimal and the hole quickly closed.
 
re: Qantas launches "Aquire" business frequent flyer program.

Pu Koh said:
they'll call you tomorrow when something's been done. I don't think she meant they were gonna wait until tomorrow to do something about it.
Click to expand...

...you seem to have a lot of faith here. I've lost count of the number of times my concerns have been given the 'mirror treatment' and then the person has just knocked off at 5 and 'assumed' someone else would take charge. Not talking about Qantas here. I'm talking banking and insurance, where people's money is at stake
 
Status
Not open for further replies.

Become an AFF member!

Join Australian Frequent Flyer (AFF) for free and unlock insider tips, exclusive deals, and global meetups with 65,000+ frequent flyers.

AFF members can also access our Frequent Flyer Training courses, and upgrade to Fast-track your way to expert traveller status and unlock even more exclusive discounts!

AFF forum abbreviations

Wondering about Y, J or any of the other abbreviations used on our forum?

Check out our guide to common AFF acronyms & abbreviations.

Recent Posts

Currently Active Users

Total: 117 (members: 9, guests: 108)
Back
Top