The alleged Optus hacker has suddenly deleted their online extortion threat shortly after releasing what they claim were the details of 10,000 customers obtained during last week’s data breach.
On Tuesday morning, the user Optusdata edited its original post about the data breach on a popular hacking forum to link to more user data.
“Since they not payed yet here is 10.0000 record from address file,” it wrote.
Optusdata also promised to release data from another 10,000 users for the next four days unless Optus pays US$1 million in the untraceable cryptocurrency Monero.
Not long afterwards, the account’s original post was deleted. It was replaced with a new post that claimed the stolen data had been deleted and apologised for the breach.
“Too many eyes. We will not sale [sic] data to anyone. We cant if we even want to: personally deleted data from drive (Only copy). Sorry too 10.200 Australian whos data was leaked. Australia will see no gain in fraud, this can be monitored. Maybe for 10.200 Australian but rest of population no. Very sorry to you. Deepest apology to Optus for this. Hope all goes well from this.”
Alleged Optus hacker Optusdata
The account also criticised Optus for failing to offer any way to report an exploit: “Optus if your [sic] reading we would have reported exploit if you had method to contact. No security mail, no bug bountys [sic], no way too [sic] message.”
Crikey has not been able to independently verify the data with any of the individuals purported to be in this data set. Over the weekend, Optus said it would not confirm or deny whether the data in the sample is real.
Security researcher Jeremy Kirk noticed that the released data contained what appeared to be Medicare numbers. Email addresses in the data suggest that a number of government employees, including members of the Department of Defence, are caught up in the breach.
Optus said the company has contacted individuals whose details were compromised because of the cyber attack. Yesterday it said it would pay for a year of credit monitoring and identity protection for all current and former customers included in the breach.
This saga has revealed Optus management to be incompetent. As an Optus subscriber my perception is not that they have been ‘transparent’ as the CEO claims. Instead, they appear out of their depth especially when providing conflicting information regarding the difficulty of the hack despite IT tech, Jeremy Kirk, explaining how simple it was.
An unsparing review of Optus management is now essential.
Dunno if the Optus debacle affected phones, broadband or both, but I am OK because I use Mint telecom, based in Hobart. I rang them to check their system is tight and they said they already have in place whatever it was that Optus failed to do. Mint Telecom is excellent – never a queue when you ring and usually Josh answers.
What I can’t understand is why Optus is asking for SO MUCH personal info. Medicare? Drivers License? What’s going on there?
That in itself is surely a huge question. And no-one in the media has asked?
Indeed. And why are they keeping it after they have opened the account?
Yes. Thinking the same. Medicare numbers!!
This does not seem to be correct – OPTUS is apparently only offering the service to the “most affected current and former customers whose information was compromised because of a cyberattack”
Many businesses have demanded maximum personal data including passport details and drivers’ licences for legitimate identification purposes but have retained that data in perpetuity for the potential of debt collection if customers fail to pay and also mapping and tracking customers’ behaviour for marketing and other tradeable third party activity. Security breaches need to cost them dearly because they have commodified and monetised their customers well beyond the nature of the service offered and they need to be regulated in order to protect consumers from these intrusions.
I have long advocated, to zero effect, that identity should be our personal patent, ie copyright – any entity requiring details for their purposes should thus be subject to the ‘fair use’ provision which is commonplace copyright and of centuries long standing so the wrinkles have been ironed out.
A vanishingly small tax (as per Tobin) on usage would not bankrupt or even inconvenience the commercial world but would be a constant reminder of the proper relationship between them and WE, the People.