A hacker who alleged to have targeted Australia’s second-largest telecom firm Optus and obtained data of millions of Australians has dropped more records online. Previously, the hacker asked for a ransom payment of approx.—$ 1 million in exchange for customer records. However, on Tuesday, the attacker retracted this demand.
Optus Hacker Published Apology After Releasing New Dataset
On Monday, the alleged attacker published an initial dataset of Optus customers, which contained 200 records. The hacker uploaded the text file of these records on a data breach website and claimed to keep leaking 10,000 new records every day for the next four days if Optus didn’t agree to pay the ransom in Monero cryptocurrency.
However, the hacker surprisingly deleted the extortion threat after releasing the latest batch of 10,000 records. The hacker also apologized to the company by editing the original data breach post revealing that the stolen data is deleted and he was sorry for the breach.
“Too many eyes. We will not sale data to anyone. We can’t if we even want to: personally deleted data from drive (Only copy),” the edited post read.
The alleged Optus hacker said they were sorry to the Australians impacted by the breach.
“Australia will see no gain in fraud, this can be monitored. Maybe for 10,200 Australians but the rest of the population no. Very sorry to you.”
However, this change of heart may not offer much solace to Optus customers.
The stolen data includes Optus customers’ names, email addresses, dates of birth, passport numbers, driver’s license numbers, phone numbers, addresses, and Medicare numbers. It also includes over a dozen federal and state government email IDs.
Furthermore, the compromised data also had four emails from the defense department and one from the Prime Minister’s department and Cabinet.
As reported by Hackread.com, Optus confirmed the data breach on Thursday, claiming that its customers’ personal data might have been compromised in the breach.
Reportedly, the attackers accessed the customer identity database of the company and exposed it to other systems via exploiting the Application Programming Interface. Optus believes its network was exposed to a test network with internet access.
The hacker blamed Optus’ weak security for the data breach and criticized the company for the absence of any mechanism to report an exploit. Conversely, Optus claims the breach resulted from a sophisticated attack.
It is unclear whether the alleged Optus hacker was the only one to access the data or was exposed to another party. The FBI and the Australian federal police have collaborated to discover the attacker and whoever accessed the data. Until the perpetrator is caught, scammers might have a field day as they are already gearing up to profit from the leaked data.
According to the Commonwealth Bank of Australia, they blocked an account attempting to extort $2,000 from one of the victims of the Optus data breach.
- Hacker returns $17 million worth of stolen Ethereum
- Hacker returns $25 million after their IP address is exposed
- Telecom giant behind routing SMS discloses 5-year-long data breach
- Multichain hack: Hacker returns $1 million, keeps $150k as a bug bounty
- Croatian Police arrests minor over A1 Telecom data breach & ransom demand