NewsBite

Alleged hacker apologises to Optus after data of 10,000 customers reportedly released

The alleged Optus hacker has made an unexpected announcement just hours after reportedly releasing 10,000 customer records as part of a ransom demand.

Government criticises Optus over data breach

The person allegedly behind the cyber attack on Optus has made a surprising announcement about the millions of customer details they claim to be in possession of.

On Tuesday morning, the alleged hacker, known only as Optusdata, claimed there were “too many eyes” on them and they had made the decision not to sell or leak any more data.

The update comes just hours after the person claimed to have exposed the data of 10,000 customers in a bid to pressure Optus into giving into their ransom demands.

In the latest message, the person apologised to the Australians impacted by the data leak and said they couldn’t release more data even if they wanted to because they had “personally deleted data from drive”, which they claimed was the only copy.

The alleged hacker also offered their “deepest apology” to Optus, saying they “hope all goes well from this”.

The new message appeared hours after the hacker claimed to have released the data of 10,000 Optus customers. Picture: Supplied
The new message appeared hours after the hacker claimed to have released the data of 10,000 Optus customers. Picture: Supplied

“Optus if your (sic) reading we would have reported exploit if you had method to contact. No security mail, no bug bountys, no way too message,” the message read.

“Ransom not paid but we don't care any more.”

The alleged hacker claimed it was a “mistake” to publish the data in the first place.

Cyber security researcher and writer Jeremy Kirk from ISMG Corp, who has been in contact with the alleged hacker, revealed more “bad news” for thousands of Australians on Tuesday morning.

“The Optus hacker has released 10,000 customer records and says a 10K batch will be released every day over the next four days if Optus doesn’t give into the extortion demand,” he wrote on Twitter.

The move came just days after this same hacker posted a ransom on an online forum early on Saturday morning, demanding Optus pay $US1 million (A$1.5 million) in cryptocurrency.

The person claimed to have important data about 11.2 million Optus customers, including their names, dates of birth, phone numbers, email addresses, and, for a subset of customers, addresses and ID document numbers such as driver’s licence or passport numbers.

They claimed that if the demand was not met then they would being to leak the sensitive information online.

An Optus spokesperson told news.com.au that the Australian Federal Police was aware of this thread.

“We are co-operating with them on their investigation to find the criminals who have conducted this attack,” the spokesperson said.

Mr Kirk shared a screenshot of a message allegedly written by the hacker, in which the person demanded Optus only contact them online.

“We are businessmen 1.000.000$US is a lot of money and will keep too (sic) our word,” the message read.

The cyber criminal wants the payment to be made in Monero, a decentralised cryptocurrency, making it hard to track down the identity of the recipient.

The alleged hacker claimed if Optus cared about their customers it would pay the ransom, noting that $US1m was a “small price to pay” compared to the revenue they make.

If the money is paid then the hacker claimed the customer data would be deleted from their hard drive.

“Only 1 copy exist. Will not sale (sic) data … completely gone,” the message read.

The telco company has been given four days to decide whether to pay the ransom.

Stream more tech news live & on demand with Flash. 25+ news channels in 1 place. New to Flash? Try 1 month free. Offer ends 31 October, 2022 >

Optus have been given four days to pay the alleged hacker and stop the data of millions of customers being released. Picture: NCA NewsWire/Andrew Henshaw
Optus have been given four days to pay the alleged hacker and stop the data of millions of customers being released. Picture: NCA NewsWire/Andrew Henshaw

Worryingly, Mr Kirk also pointed out that the new data appeared to show that Medicare numbers may also have been exposed for some customers.

He said the word “Medicare” appeared 55 times across the new data set.

When the first post from the alleged hacker appeared online, Mr Kirk said the sample dataset provided by the unknown person aligned with the breach and indicated they may indeed be the person behind the attack.

“I just ran 13 email addresses from the first batch of sample data from the alleged Optus leak through Haveibeenpwned [a website that shows if your email or phone number has been involved in a breach]. Six come back as unique (not in another breach indexed in HIBP),” he said.

“Again, another strong sign that the Optus data is real.”

Mr Kirk also said he contacted the hacker and they gave him a detailed explanation on how they completed the hack, which also convinced him the person was “the real deal”.

Expert reveals motive behind Optus attack

Speaking to Nine’s Today show on Tuesday morning, cyber security threat analyst, Brett Callow, said the motive for the breach was “money, plain and simple”.

“They are looking to score a big payday,” he said.

Mr Callow threw doubts on the claims from Optus that this had been a “sophisticated” cyber attack.

“It would sound like something potentially a high school kid could’ve pulled off,” he said.

The alleged hacker claimed to have released the data of 10,000 Optus customers. Picture: iStock
The alleged hacker claimed to have released the data of 10,000 Optus customers. Picture: iStock

Mr Callow said these kind of attacks have increasingly become a bigger issue in recent years.

“People are weaponising companies’ customers. They are stealing their data, in some cases, they are actually contacting the people to which the data relates,” he explained.

“That happens very often in an attempt to get those people to pressure the companies into paying.”

Previously, Optus CEO Kelly Bayer Rosmarin said reports of 9.8 million records being compromised is the “absolute worst case scenario”.

She described the situation as a “sophisticated attack” and said Optus acted immediately to stop any further action after learning of the attack, and authorities had been called in to assist in investigating the source.

“We are very sorry and understand customers will be concerned,” she said.

“Please be assured that we are working hard, and engaging with all the relevant authorities and organisations, to help safeguard our customers as much as possible.

“Optus has also notified key financial institutions about this matter. While we are not aware of customers having suffered any harm, we encourage customers to have heightened awareness across their accounts, including looking out for unusual or fraudulent activity and any notifications which seem odd or suspicious.”

Originally published as Alleged hacker apologises to Optus after data of 10,000 customers reportedly released

Original URL: https://www.couriermail.com.au/technology/online/alleged-optus-hacker-claims-10000-customer-records-leaked/news-story/618fa8fa7de7fea00e281958c36a67f4