Uncovered Hackers Ransom Letter to Optus

Name: computer repairers
Brand: The Original PC Doctor
Rating: 4.8 (1226 reviews)

An alleged attacker seeking a ransom payment of 1 million USD from Optus in exchange for customer records published 10,000 online on Tuesday 27th of September; the hacker then issued an apology online, and then the hacker’s account on the forum was shut down by authorities.

optus break ransom mail with urls blocked out 1

Optus ransom mail Friday 22nd September with urls blocked out

On Monday night 26th of September, the alleged attacker uploaded a text file of 10,200 records to a data breach website on the dark web and promised to leak records each day for the next four days unless Optus paid $1 million USD in untraceable cryptocurrency called Monero.

The leaked text file contained full names, gender (Mr, Mrs), dates of birth, email addresses, driver’s licence numbers, passport numbers, Medicare numbers, phone numbers and home addresses. The list also included dozens of state and federal government email addresses, including from the defence department and from the Department of Prime Minister and Cabinet.

By late Tuesday 27th morning, the alleged attacker had had a change of mind, while their account on the dark web chat goup had been shut down. Please see the actual message from the hacker below;

This sudden change in events will not bring relief to Optus customers worried about being caught up in the data breach. See the actual post below from the dark web chat group:

Optus apology letter 27th September urls blocked out

Optus is claiming the data breach occurred due to a “sophisticated attack”; the federal government maintains that it was due to a simple error by the company that had left the data accessible to anyone online and that the data was very easily accessible by anyone with basic computer programming experience.

It is not 100% known if the alleged attacker is the person or entity whom obtained the confidential customer data.

The attorney general, Mr Mark Dreyfus, confirmed that the FBI in the US was assisting the AFP operation to discover who might have accessed the Optus data.

There are suggestions that some scammers are already trying to capitalise on the breach by targeting Optus customers.

The Commonwealth Bank of Australia said on Tuesday it had blocked an account referenced in an spam SMS message designed to extort $2,000 from poor victims of the Optus client data breach.

References

https://optus.com.au/about/media-centre/

Written by The Original PC Doctor on 29/9/2022.

Embark on a journey of connection and joy! Share this page with your loved ones on your favourite digital platform. Click one of the icons below and let the magic of sharing begin!