Dodo and iPrimus hack impacts more than 1,600 home internet, email and mobile customers

More than 1,600 Dodo and iPrimus home internet and mobile customers have been affected by a hack of the telco's email and mobile services, the company has confirmed.

Vocus, the parent company that operates Dodo, announced in a statement on Saturday evening that it had detected "suspicious activity" in its email systems on Friday.

"Our initial investigation has revealed unauthorised access to approximately 1,600 email accounts, leading to unauthorised SIM swaps on 34 Dodo Mobile accounts.

"We have worked with impacted customers to reverse these SIM swaps and we continue to monitor this situation."

The telco also said that its technical teams were continuing to work on Saturday to restore email services for its customers.

In an update on Sunday, Dodo said access to email services had been restored by 7am AEDT, although customers would need to call the telco to set themselves new account passwords.

An online monitor on Saturday appeared to show that Dodo's website had been temporarily impacted by the disruption, with dozens of outage reports received by the Downdetector website between 7am and 10pm.

Vocus has a 9.2 per cent market share of the National Broadband Network (NBN), making it Australia's fourth-largest internet provider behind Telstra, TPG and Optus.

The Australian Competition and Consumer Commission (ACCC) said in August that the company also had more than 804,000 active residential broadband services within its customer base, as of June this year.

In 2020, the competition regulator took Dodo and iPrimus to court for allegedly misleading their customers about the speeds of NBN broadband services, claiming that the operators made false statements regarding capabilities.

The hack represents the latest incident in a string of issues impacting Australia's largest telco companies.

In August, Australia's second-largest internet, iiNet, confirmed that about 280,000 active email addresses and roughly 20,000 landline phone numbers used by its customers had been compromised and extracted from the company's order management system.

Another 10,000-odd iiNet user names, street addresses and phone numbers and about 1,700 modem set-up passwords were also believed to have been accessed by an unknown third party that gained access to the system after stealing account credentials from an employee, early investigations suggested.

In September, a widespread Optus outage caused hundreds of emergency triple-0 calls to fail and led to the deaths of four people — including an eight-week-old baby — in an incident that impacted three states and the Northern Territory.

That incident also came after the passports and driver licence details of about 2.8 million Optus customers were compromised in a 2022 data hack that the Australian Communications and Media Authority ruled could have been prevented years earlier.

Written by: Luke Cooper, ABC News.