How Telstra is alerting customers to the breach on its website.

How Telstra is alerting customers to the breach on its website.

Telstra has been hit by a "hacking attack" affecting 35,000 customers, just a week after one of its IT staff told a security conference the telco was reviewing how it secured and stored customer information.

The hacking attack occurred on the servers of a third party company that runs Telstra BigPond's GameArena and Games Shop websites, the telco said in a statement this morning.

It said information that may have been obtained "was limited to BigPond Games user names, the email address used to join the site and the encrypted GameArena and Games Shop passwords of up to 35,000 customers".

The company had therefore reset the passwords of users of those sites "as a precaution" despite them being encrypted. "We will contact affected customers, with their new password, as soon as possible," it said.

The Office of the Australian Information Commissioner confirmed the Privacy Commissioner, Timothy Pilgrim, was investigating the incident.

Telstra encouraged customers affected by the breach to change their password if they used the same one at other sites.

The hacking attack comes after Telstra exposed about 800,000 customer records in December by not securing an internal tool used for looking up customer information.

The December breach was described by Scott McIntyre, Telstra's security operations senior technology architecture specialist, as being a "wonderful learning experience" for the telco in how it secures customer data.