The mysterious hacker purporting to be behind the Optus data breach has suddenly apologised for the cyber-attack – after releasing the details of some 10,000 customers.
In a bizarre post on Tuesday morning, ‘optushacker’ claimed there were ‘too many eyes’ on them and said they would not sell or leak the hacked data of up to 10 million Australians.
In broken English, optushacker said: ‘Deepest apology to Optus for this. Hope all goes well from this’.
The hacker also claimed they would’ve told the telco about their vulnerability but there was no way of getting in touch with them.
‘Optus if your (sic) reading we would have reported exploit if you had method to contact,’ the apology continued.
‘No security mail, no bug bountys, no way too message. Ransom not paid but we don’t care any more.’
The extraordinary backflip comes hours after the cybercriminal threatened to release another 10,000 records every day for the next four days if a $1.5million ransom was not paid.
The customer records the hacker has released so far included passport, drivers licence and Medicare numbers, as well as dates of birth and home addresses.
In a bizarre post on Tuesday morning, ‘optushacker’ claimed there were ‘too many eyes’ on them and said they would not sell or leak the hacked data of up to 10 million Australians
About 11 million Optus customers had personal details stolen in data breach, and a hacker has threatened to release 10,000 of those everyday unless the company gives into a ransom of AUD $1.5m
Cybersecurity journalist Jeremy Kirk, who says he has been in contact with the hacker, shared details of the ransom note on Tuesday morning.
‘The Optus hacker has released 10,000 customer records and says a 10K batch will be released every day over the next four days if Optus doesn’t give into the extortion demand,’ he wrote on Twitter.
Mr Kirk has questioned the hacker’s motivations behind the shock backflip tweeting: ‘Many questions around this: Why has this person seemingly changed their mind?’
‘Can we trust this person now? What does this person mean by writing about not being able to delete the data from the drive?’
The hacker has demanded the ransom of US$1million – or $1.5million Australian – be paid in Monero, a decentralised cryptocurrency.
‘We are businessmen 1.000.000$US is a lot of money and will keep too (sic) our word,’ the hacker’s message read.
The ransom demand comes after Home Affairs Minister Clare O’Neil launched a scathing attack on Optus in parliament, saying it was a ‘basic’ hack.
The hacker demanded a ransom of US$1million – or $1.5million Australian – be paid in Monero, a decentralised cryptocurrency (pictured, an Optus store in Sydney)
She laid blame for the security breach, which involved 9.8 million current and former customers, at the feet of the telco.
‘The breach is of a nature that we should not expect to see in a large telecommunications provider in this country,’ Ms O’Neil said on Monday.
‘We expect Optus to continue to do everything they can to support their customers and former customers.’
However, Optus has rejected Ms O’Neil’s claim that the hack was not ‘sophisticated’.
The telco’s CEO Kelly Bayer Rosmarin said the breach was ‘not as is being portrayed’.
The ransom demand appeared on the dark web, with the hacker warning Optus had four days to decide
‘Unfortunately I think our briefing of the Minister happened after she (made those claims),’ she told the ABC.
‘Our data was encrypted and we have multiple layers of protection.’
Ms Bayer Rosmarin said the company could not do much about the ransom threat while it was being investigated by the Australian Federal Police.
‘We have seen that there is a post like that on the dark web and the Australian Federal Police is all over that,’ she said.
Speaking to the Today Show on Tuesday morning, Mr Kirk said no one knows the true identity of the hacker.
‘This is the real challenge for investigators right now, they want to find this person, right, obviously, because this person is perpetrating extortion against an international company, and is in possession of a huge amount of personal data,’ he said.
‘There’s just a lot of ways to stay anonymous on the Internet and so what police and other investigators will be doing right now is trying to find out if that person has made any mistakes. Anything that leads to their in real life identity so hopefully they can make an arrest.’
Cybersecurity threat analyst Brett Callow, said the hacker’s only motivation was money and echoed Ms O’Neil’s claims that it was not a sophisticated attack.
‘It would sound like something potentially a highschool kid could’ve pulled off,’ he said.
Operation Hurricane was established by the AFP on Monday to identify the people behind the breach as well as prevent identity fraud.
Assistant Commissioner of Cyber Command Justine Gough said the investigation into the source of the data breach would be complex.
Optus boss Kelly Bayer Rosmarin says the company couldn’t do much about the ransom threat as it was being investigated by the Australian Federal Police
‘We are aware of reports of stolen data being sold on the dark web and that is why the AFP is monitoring the dark web using a range of specialist capabilities,’ she said.
‘Criminals, who use pseudonyms and anonymising technology, can’t see us but I can tell you that we can see them.’
The task force will work with the Australian Signals Directorate, overseas police as well as Optus.
Ms Gough said customers should be more vigilant in monitoring unsolicited texts, emails and phone calls in the wake of the Optus breach.
‘The AFP will be working hard to explain to the community and businesses how to harden their online security because ultimately it is our job to help protect Australians and our way of life,’ she said.
Slater and Gordon Lawyers are investigating whether to launch a class action lawsuit against Optus on behalf of former and current customers.
Class actions senior associate Ben Zocco said the leaked information posed a risk to vulnerable people, including domestic violence survivors and victims of stalking.
Home Affairs Minister Clare O’Neil slammed Optus saying the security breach was ‘basic’, however the telco has rejected those claims
Consequences may be less severe for other customers but the information could easily lead to identity theft, he added.
Ms O’Neil called on the telco to provide free credit monitoring to former and present customers who had their data stolen in the breach.
Optus has announced it will be providing the most affected current and former customers with a free 12-month credit monitoring subscription to Equifax Protect.
Ms O’Neil said the government was looking to work with financial regulators and the banking sector to see what steps could be taken to protect affected customers.
‘One significant question is whether the cyber security requirements we place on large telecommunications providers in this country are fit for purpose,’ she said.
‘In other jurisdictions, a data breach of this size will result in fines amounting to hundreds of millions of dollars.’
Prime Minister Anthony Albanese said the Optus data breach was a ‘huge wake-up call’.
As the government prepares to introduce new cybersecurity measures, Mr Albanese said the new protections would mean banks and other institutions would be informed much faster when a breach happened so personal data could not be used.
What Optus has said about the breach:
How did this happen?
Optus was the victim of a cyberattack. We immediately took action to block the attack which only targeted Optus customer data. Optus’ systems and services, including mobile and home internet, are not affected, and messages and voice calls have not been compromised. Optus services remain safe to use and operate as per normal.
Has the attack been stopped?
Yes. Upon discovering this, Optus immediately shut down the attack.
We are now working with the Australian Cyber Security Centre to mitigate any risks to customers. We have also notified the Australian Federal Police, the Office of the Australian Information Commissioner, and key regulators.
Why did we go to the media first instead of our customers?
The security of our customers and their data is paramount to us. We did this as it was the quickest and most effective way to alert as many current and former customers as possible, so they could be vigilant and monitor for any suspicious activity. We are now in the process of contacting customers who have been impacted directly.
What information of mine may have been exposed?
The information which may have been exposed includes customers’ names, dates of birth, phone numbers, email addresses, and, for a subset of customers, addresses, ID document numbers such as driver’s license or passport numbers. Customers affected will be notified directly of the specific information compromised.
Optus services, including mobile and home internet, are not affected. Messages, voice calls, billing and payments details, and account passwords have not been compromised.
What should I do to protect myself if I suspect I am a victim of fraudulent activity?
We are not currently aware of any customers having suffered harm, but we encourage you to have heightened awareness across your accounts, including:
Look out for any suspicious or unexpected activity across your online accounts, including your bank accounts. Make sure to report any fraudulent activity immediately to the related provider.
Look out for contact from scammers who may have your personal information. This may include suspicious emails, texts, phone calls or messages on social media.
Never click on any links that look suspicious and never provide your passwords, or any personal or financial information.
How do I contact Optus if I believe my account has been compromised?
If you believe your account has been compromised, you can contact us via My Optus App – which remains the safest way to contact Optus or call us on 133 937 for consumer customers. Due to the impact of the cyberattack, wait times may be longer than usual.
If you are a business customer, contact us on 133 343 or your account manager.
How do I know if I have been impacted?
We are in the process of contacting customers who have been directly impacted.