Michelle Ainsworth reports:

Account details of up to one million Telstra customers have possibly been breached after an internal website was made public. The website listed Telstra customers on bundle plans and included their names, plan types, contact they had had with Telstra customer service and in some instances their account passwords, the Herald Sun reported.

It was found by a Telstra customer who had googled looking for a customer service phone number.

Read more on The Herald Sun.

Asher Moses and Ben Grubb of The Age provide additional details, including customer reactions:

Another customer and freelance writer, Emily Eklund of Rozelle in NSW, said she was “frustrated” that her username, password, credit check history and extensive correspondence with a Telstra staff member was available when she checked if her information was accessible on the Telstra site at 4.30pm AEDST today.

“My concern was that [anyone who knew about the site] had access to my email with a password,” she said. “They could have accessed any of my personal emails which could include details to other important information of mine.