The alleged hacker for Optus says sorry for the data leak and drops the ransom threat.
Online account says it gave out information about 10,000 customers and threatened to give out more information before changing its mind.
An alleged attacker who wanted millions of customer records in exchange for a ransom payment from Optus posted 10,000 of those records online on Tuesday. The attacker then took back the threat and deleted all demands.
On Monday night, the alleged attacker uploaded a text file with 10,000 records to a website for data breaches and threatened to leak 10,000 more records every day for the next four days unless Optus paid $1 million in cryptocurrency.
Names, dates of birth, email addresses, driver’s license numbers, passport numbers, Medicare numbers, phone numbers, and addresses were all in the text that was leaked. It also had more than a dozen state and federal government email addresses, including four from the Defense Department and one from the Department of Prime Minister and Cabinet.
But by late Tuesday morning, it looked like the alleged attacker had changed their mind. They deleted their posts and said they had also deleted the only copy of Optus’s data.
“Too many eyes. We won’t give data to anyone else. We can’t, even if we want to: personally delete data from drive (Only copy),” they said in a new post.
“Sorry to 10,200 Australians whose information got out.
“Australia has nothing to gain from fraud, and it can be stopped. Perhaps for 10,200 Australians, but not for the rest of the people. Sorry about that.”
The alleged attacker apologized to Optus and said they would have told Optus about the exploit if they could have. Optus said no ransom has been paid.
Customers of Optus who are worried about being caught up in the breach will not be relieved by this sudden change of heart.
Optus still says that the breach was caused by a “sophisticated attack,” but the federal government says it was because the company made a mistake and left the data online.
It’s not clear if the alleged attacker got the customer information or if they were the only ones who did.
Mark Dreyfus, the attorney general, said on Tuesday that the US Federal Bureau of Investigation was helping the Australian federal police find out who might have gotten into the data and who was trying to sell it.
There are rumors that scammers are already going after Optus customers to take advantage of the breach.
The Commonwealth Bank of Australia (CBA) said on Tuesday that it had closed an account that was mentioned in an SMS message that was sent to victims of the Optus data breach to try to get them to pay $2,000 in cash.
In the SMS, the victims were told that if they didn’t pay the money, “your information will be sold and used for fraudulent activities within 2 days.”
A CBA spokesperson said that the bank was “aware of an SMS that asked for money and mentioned a CBA bank account after the Optus data breach,” and that the account had been found and blocked.
Because the account is blocked, money can’t be moved into or out of it. We know that no money was put into the account between the time the SMS was sent and the time CBA blocked it.
The CBA spokesperson said, “We continue to work closely with the Australian Federal Police and other investigative, government, and regulatory authorities to limit the effects of any fraud or scams that may have been sparked by the events of the past few days.”
Tuesday morning, a Nine Entertainment reporter was the first to post about the SMS message on Twitter.
CBA also said it was giving customers a free service called SavvyShield that makes it easier for people who think their identity has been stolen to block inquiries about their credit history and stop people from trying to get credit in their name.