{"id":48615,"date":"2022-09-27T15:38:57","date_gmt":"2022-09-27T15:38:57","guid":{"rendered":"https:\/\/packetstormsecurity.com\/news\/view\/33878\/Alleged-Optus-Hacker-Apologizes-For-Data-Breach.html"},"modified":"2022-09-27T15:38:57","modified_gmt":"2022-09-27T15:38:57","slug":"alleged-optus-hacker-apologizes-for-data-breach","status":"publish","type":"post","link":"https:\/\/www.threatshub.org\/blog\/alleged-optus-hacker-apologizes-for-data-breach\/","title":{"rendered":"Alleged Optus Hacker Apologizes For Data Breach"},"content":{"rendered":"
<\/div>\n

An alleged attacker who was seeking a ransom payment from Optus<\/a> in exchange for millions of customer records published 10,000 records online on Tuesday before retracting the threat and deleting all demands.<\/p>\n

On Monday night the alleged attacker uploaded a text file of 10,000 records to a data breach website and promised to leak 10,000 more records each day for the next four days unless Optus paid $1m in cryptocurrency.<\/p>\n

The text leak contained names, dates of birth, email addresses, driver\u2019s licence numbers, passport numbers, Medicare numbers, phone numbers and address information. It also included more than a dozen state and federal government email addresses, including four from the defence department and one from the Department of Prime Minister and Cabinet.<\/p>\n

<\/gu-island><\/figure>\n

But by late Tuesday morning, the alleged attacker had apparently had a change of heart, deleting their posts and claiming they had also deleted the only copy of the Optus data.<\/p>\n

\u201cToo many eyes. We will not sale [sic] data to anyone. We can\u2019t if we even want to: personally deleted data from drive (Only copy),\u201d they said in a new post.<\/p>\n

\u201cSorry too [sic] 10,200 Australian whos [sic] data was leaked.<\/p>\n

\u201cAustralia will see no gain in fraud, this can be monitored. Maybe for 10,200 Australian but rest of population no. Very sorry to you.\u201d<\/p>\n

The alleged attacker apologised to Optus and said they would have reported the exploit if Optus had made it possible to report. Optus said no ransom has been paid.<\/p>\n

This sudden about-face will not bring relief to Optus customers stressed about being caught up in the breach.<\/p>\n

Optus is still claiming the breach occurred due to a \u201csophisticated attack\u201d, while the federal government maintains that it was due to an error by the company that had left the data accessible online.<\/p>\n

It is unclear if the alleged attacker obtained the customer data \u2013 and whether they were the only party to do so.<\/p>\n

The attorney general, Mark Dreyfus, confirmed on Tuesday that the Federal Bureau of Investigation in the US was assisting the Australian federal police\u2019s operation to discover who might have accessed the data, and who was attempting to sell it.<\/p>\n

There are suggestions scammers are already trying to capitalise on the breach by targeting Optus customers.<\/p>\n

The Commonwealth Bank of Australia (CBA) said on Tuesday it had blocked an account referenced in an SMS message designed to extort $2,000 from victims of the Optus data breach.<\/p>\n

\n