Telstra's BigPond GameArena and Games Shop sites have fallen victim to hackers who may have obtained BigPond games usernames, email addresses and the encrypted passwords of up to 35,000 users.
The sites are operated by a third party that Telstra has not disclosed. A Telstra spokesperson said the telco was notified by the sites' operator yesterday evening.
The spokesperson declined to give technical details of the breach. "We are not divulging them at this stage while we're still investigating what happened, and with security incidents the less that's out there in the public domain for others learn from the better," the spokesperson said.
Telstra worked with the vendor yesterday to plug the security hole, the spokesperson said.
The passwords of 230,000 GameArena and Games Shop users have been reset. According to Telstra, no financial details were stored on the sites. A notice on the sites displayed to users states: "We have reset the passwords of GameArena and Games Shop customers, after the sites were victims of a hacking attack.
"Information that might have been obtained was limited to BigPond Games usernames, the email address used to join the site and the encrypted GameArena and Games Shop passwords.
"No financial or credit card details were kept on the sites.
"While your password for access to the site has been changed, and the new password has been emailed to you, we encourage you to change it at any other site where you might have used the same password.
"Telstra BigPond Broadband password details, used for games service access, have not been affected."