The Optus Hacker Says They Deleted Data But Customers Are Reporting Scam Texts Demanding Money

optus-hacker-10000-customers

The hacker who claims to be behind the Optus cyberattack has apologised for leaking customer data and walked back threats to release more unless they’re paid $1 million USD ($1.5 million AUD) in the next four days.

The hacker known as Optusdata posted on Tuesday morning there were “too many eyes” on them and they had made the decision not to attempt to sell or leak any more data.

The hacker also offered their “deepest apology” to Optus and said they “hope all goes well from this”.

“Optus if your (sic) reading we would have reported exploit if you had method to contact. No security mail, no bug bountys, no way too message,” the message read.

“Ransom not paid but we don’t care any more.”

This update came after they said late on Monday they had released 10,000 customers’ data already and would release a new batch of data every day until their ransom demands were met.

The hacker said today it was a “mistake” to publish that data in the first place.

Reports also emerged on Tuesday that customers had received scam text messages that included their personal information and demanded payment in exchange for keeping it private.

One anonymous Optus customer told news.com.au he received a text on Monday night with his personal details including his name, address and employment history that demanded he pay “or we sell all”.

“This is OPTUS, We give datails (sic) yours to every1. Now you pay us or we sell all,” the message read.

It then listed the man’s home address and a former employer, before another text was sent that read: “Just fucking with you.”

optus-hacker-apologises-texts
Image via news.com.au.

Nine News reporter Chris O’Keefe also posted a screenshot of a text message on Twitter sent to a cyberattack victim demanding they pay $2000 to a Commonwealth Bank account.

“Hello, Optus has left security measures allowing us to access the personal information of their customers including name, email, phone number, date of birth, address and license number,” the text read.

“Optus has since not responded to our demand of paying the 1M$USD ransom as such your information will be sold and used for fraudulent activity within 2 days or until a payment of $2,000AUD is made then the confidential information will be erased off our systems.”

The message requested “bank transfer $2000” to an account named OptusData.

The hacker said in their message on Monday night $1 million was a “small price to pay” if Optus really cared about its customers, compared to its multi-billion-dollar annual revenue. The telco reported a $7.8 billion revenue in the 2021/22 financial year.

They claimed to have the data of about 11.2 million Optus customers, including names, dates of birth, contact details, addresses and ID numbers such as driver’s licence and medicare.

The message said Optus had four days to pay before they leaked the lot.

Before the hacker posted an apology Optus CEO Kelly Bayer Rosmarin told ABC Radio on Tuesday morning the Australian Federal Police were investigating the ransom demands.

“We have seen that there is a post like that on the dark web and the Australian Federal Police is all over that,” she said.

Home Affairs Minister Clare O’Neil said at the weekend steps needed to be taken to ensure such cyberattacks didn’t happen again. She said we can expect several changes to company regulations would be announced by the Federal Government in the coming days.

In the meantime, if you’re an Optus customer and you’re worried about your data, there are some steps you can take to protect yourself.

More Stuff From PEDESTRIAN.TV