A Hacker Broke into the Australian Telecom Operator Optus, Stole the Data of 11 million People and… Apologized

Last week, a hacker named optusdata broke into Australia’s second-largest telecommunications company, Optus. The attacker said that he stole the data of 11 million subscribers and demanded a ransom, but now law enforcement agencies are interested in him, the attacker claims that he deleted all the data and apologizes to the victims.

The hacker claimed to have obtained data such as customer names, dates of birth, phone numbers, email addresses, physical addresses, driver’s license and passport numbers, but not account passwords or financial information. It is worth noting that Optus did not write anything about the extent of the leak, and information about 11 million affected users was reported by local media and the hacker himself.

As proof of his words, the attacker posted a sample of the stolen data (information of 10,000 users) on the Breached hack forum and demanded that the company pay a ransom of $ 1,000,000, and otherwise threatened to reveal all the stolen data at all.

Information security experts say the victims of this leak have already begun receiving messages from scammers who demand 2,000 Australian dollars (about $1,300) within two days, or promise to resell the data to other hackers.

Interestingly, in an interview with journalist Jeremy Kirk, optusdata said that he penetrated the company’s network through an insecure API endpoint, and in fact did not hack anything.

The scandal around hacking and extortion turned out to be loud, and Optus management did not negotiate with the hacker, turning directly to law enforcement agencies. As a result, the Australian Federal Police announced the launch of Operation Hurricane, in which it is planned to find and arrest the people behind this hack and leak.

As information about the incident reached its highest level, South Australian Minister for Infrastructure, Transport, Energy and Mining Tom Cutsantonis announced that all victims of this data breach would receive new driver’s licenses free of charge.

After attracting so much scrutiny from the authorities, optusdata had to back down. In his new message on the Breached hack forum, the hacker was quick to assure that he would no longer distribute stolen information due to increased control over the leak. He also states that all data has already been deleted from his device (supposedly it was the only copy), and apologizes both to all affected Optus customers and to the company itself.