Optus hacker apologizes and allegedly deletes all stolen data, Australia, Australian Federal Police, Data Breach, Data Leak, Optus, Stolen Data

The hacker who claimed to have breached Optus and stolen the data of 11 million customers has withdrawn their extortion demands after facing increased attention by law enforcement. The threat actor also apologized to 10,200 people whose personal data was already leaked on a hacking forum.

Optus, Australia’s second-largest mobile operator, first disclosed the security breach on September 22, 2022, saying that an attacker might have gained access to customers’ personal information.

This information includes a customer’s name, dates of birth, phone numbers, email addresses, physical addresses, driver’s licenses, and passport numbers, but no account passwords or financial information.

On September 23, 2022, a hacker using the alias “optusdata” published a small sample of the stolen data on the Breached hacking forum and demanded that the firm pay a $1,000,000 (USD) ransom or the data for 11,000,000 customers would be publicly leaked.

Optus didn’t give in to the extortion demands and instead engaged with law enforcement authorities to investigate the incident.

The hacker told reporter Jeremy Kirk that they used an unsecured API endpoint to steal the data rather than breaching the company’s internal systems.

After not receiving a ransom demand, the threat actor released a larger sample of stolen data for 10,000 Optus customers for free on the same hacking forum, allowing threat actors to download and abuse it for their own campaigns.

Today, reports from victims of the data breach have started to receive messages demanding the payment of AUD 2,000 ($1,300) within two days, or their data would be sold to other hackers.

Optus hacker apologizes and allegedly deletes all stolen data, Australia, Australian Federal Police, Data Breach, Data Leak, Optus, Stolen Data

Source: Chris O’Keefe

The threat actor listed a Commonwealth Bank of Australia (CBA) account to receive the money, which the financial institution has since blocked.

While the texts include the name ‘OptusData’ used by the original hacker, it is unclear if they are behind the SMS texts or another threat actor who downloaded the leaked data sample.

Giving up on the extortion

Today, the alleged Optus hacker posted a new message on Breached stating that the stolen data will no longer be sold or leaked to anyone due to increased scrutiny on the data breach.

The threat actor also claimed that the stolen data had been deleted from their device that held the only copy and apologized to both the exposed Optus customers and the company.

“Too many eyes. We will not sale data to anyone. We can’t if we even want to: personally deleted data from drive (only copy),” claims the threat actor.

Optus hacker apologizes and allegedly deletes all stolen data, Australia, Australian Federal Police, Data Breach, Data Leak, Optus, Stolen Data

Alleged hacker’s statement from earlier today

It’s worth noting that the particular user was never officially confirmed as the person or group responsible for the Optus breach.

However, the decision to stop extorting the company likely comes in response to the Australian Federal Police (AFP) announcing yesterday that they launched “Operation Hurricane” to identify the threat actors behind the breach and extortion demands.

“We are aware of reports of stolen data being sold on the dark web and that is why the AFP is monitoring the dark web using a range of specialist capabilities,” announced the AFP.

“Criminals, who use pseudonyms and anonymising technology, can’t see us but I can tell you that we can see them.”

As part of this operation, the AFP is working closely with overseas law enforcement to identify and apprehend those behind the attack.

Should AFP identify the person(s) responsible for the Optus breach, they will face penalties of up to ten years in prison.

Incident response

Optus continues to update its customers on the situation via a dedicated portal on its website. In addition, yesterday, it offered all impacted individuals a 12-month subscription to credit monitoring and identity protection service through Equifax.

Today, Australia’s Minister for Infrastructure, Transport, Energy & Mining, Tom Koutsantonis, announced that victims of the Optus data breach would receive new driver’s licenses free of charge.

The driver’s licenses that the attackers have stolen will be invalidated, as threat actors could use them to forge fake documents that match entries in the state’s system.

Finally, Cyber Security Minister Clare O’Neil told ABC during an interview that Australia’s current regulatory framework isn’t strict enough, and companies need to ramp up their effort to protect customer data as it happens in Europe with GDPR.

The official criticized Optus’s security stance, saying it “left the window open” for the hackers, so this incident might spark regulatory changes in the country.

TECH NEWS RELATED

South Dakota Governor Kristi Noem bans TikTok from state-owned devices, citing China links

South Dakota Governor Kristi Noem on Tuesday issued an executive order banning state employees and contractors from accessing the video platform TikTok on state-owned devices, citing its ties to China. TikTok is owned by ByteDance, a Chinese company that moved its headquarters to Singapore in 2020. It has been ...

View more: South Dakota Governor Kristi Noem bans TikTok from state-owned devices, citing China links

Researchers investigate neuron differentiation in fruit fly brains

Expression of slp1 and slp2 genes in medulla neuroblasts is controlled at transcription. (A) Schematic of Drosophila brain at the third instar larval stage highlighting the location of the optic lobe medulla. Medulla NBs (shown as circles), located on the surface of the optic lobe, are transformed from neuroepithelial ...

View more: Researchers investigate neuron differentiation in fruit fly brains

Engineered nanoparticles could help store excess carbon dioxide in the ocean

Seeding the oceans with nano-scale fertilizers could create a much-needed, substantial carbon sink. Credit: Stephanie King | Pacific Northwest National Laboratory The urgent need to remove excess carbon dioxide from Earth’s environment could include enlisting some of our planet’s smallest inhabitants, according to an international research team led by ...

View more: Engineered nanoparticles could help store excess carbon dioxide in the ocean

Understanding the environmental microbiome using confocal microscopy

Brian Shaw, Ph.D., using the confocal microscope that allows him to employ various imaging modalities in his research. Credit: Texas A&M AgriLife / Michael Miller Confocal technology is one of the most important advances in optical microscopy, and many disciplines within Texas A&M AgriLife and other parts of The ...

View more: Understanding the environmental microbiome using confocal microscopy

GPU shipments last quarter were the lowest they've been in over 10 years

The last time GPU shipments were this low we were in a massive recession.

View more: GPU shipments last quarter were the lowest they've been in over 10 years

How not to manage a business, starring Twitter's Elon Musk

Well, you can say one thing about Elon Musks' management style: it's different.

View more: How not to manage a business, starring Twitter's Elon Musk

Cisco SD-WAN update aimed at simplifying provisioning, management

Latest Cisco SD-WAN release will include new features to automate connectivity and expand support for regions to deliver greater redundancy and failover.

View more: Cisco SD-WAN update aimed at simplifying provisioning, management

AWS’ SimSpace Weaver positions to help run large-scale spatial simulations

The new managed compute service, now generally, will allow enterprises to run complex, 3D simulations with more than a million objects, AWS said at re:Invent.

View more: AWS’ SimSpace Weaver positions to help run large-scale spatial simulations

7 lies CIOs should never tell

GoPro Hero11 Black Mini review: Excellent video, smaller body

Japanese company aims to put first private lander on Moon, with UAE rover on board

Making 'transport' robots smarter

Australia eyeballs an adults-only loot box law

Investing In The MSI MEG Z790 ACE DDR5?

Cisco to gauge user experience with cloud-management service by AppDynamics

AWS adds machine learning capabilities to Amazon Connect

Samsung’s Self-Repair Program May Include Watches and Earbuds Soon

Why You Should Own an Impact Wrench

Ethereum Founder Vitalik Buterin Calls Governance Token Speculation ‘Pathological’

Developing the low-energy ion spectrometer for the Chinese BeiDou-3 satellite

OTHER TECH NEWS

Top Car News Car News