Optus ‘hacker’ vanishes from online forum after ransom backflip

The alleged Optus hacker has vanished from the anonymous online forum where they had been posting after being mocked by their peers for their sudden backflip.

On Tuesday, the alleged hacker, known only as Optusdata, claimed there were “too many eyes” on them and they had made the decision not to sell or leak any more data.

Since then, they have not returned to their account on the hacking forum, with their profile showing they last logged in that same day.

The website also allows other users to award or take away points to a user’s “reputation”.

Optusdata’s reputation is now at minus 41, with multiple users awarding them negative points because they “pulled out” and got “in too deep”.

In their final message to the forum, the alleged hacker apologised to the Australians impacted by the data leak and said they couldn’t release more data even if they wanted to because they had “personally deleted data from drive”, which they claimed was the only copy.

They also offered their “deepest apology” to Optus, saying they “hope all goes well from this”.

“Optus if your (sic) reading we would have reported exploit if you had method to contact. No security mail, no bug bountys, no way too message,” the message read.

“Ransom not paid but we don’t care any more.”

The alleged hacker claimed it was a “mistake” to publish the data in the first place.

Hours before the backflip they had claimed to have exposed the data of 10,000 customers in a bid to pressure Optus to give into their ransom demands.

The alleged hacker said they would release more details in 10,000 batches for four days unless Optus pay them $US1 million ($A1.5 million) in cryptocurrency.

The cyber criminal wanted the payment to be made in Monero, a decentralised cryptocurrency, making it hard to track down the identity of the recipient.

Peers mock alleged hacker

The recent backflip and apology from the anonymous poster has resulted in relentless mocking from their peers.

One poster branded them an “amateur” and questioned their whole thought process when making their demands to the telco.

“So why don’t you just return the data in a file to Optus and delete what you have so they can match it to their customers?” they asked.

“BTW Monero Sux. Really for a million dollars, Could have got a job with Optus for knowing this breach and they probably would have legit paid you a million to plug the leak.

“No too smart aye! If your gonna data steal at least don’t be an amateur.”

Another person said threatening Optus and asking for a ransom was a “pretty stupid move to begin with”.

One user claimed that the alleged hacker’s work was not at a “professional level”, while another commented: “Play stupid games, win stupid prizes.”

One person joked: “Me when my mum tells me to give something back and apologise even though I’m not really sorry.”

Optus confirms Medicare details impacted

On Tuesday morning, cyber security researcher and writer Jeremy Kirk from ISMG Corp revealed more “bad news” for thousands of Australians.

“The Optus hacker has released 10,000 customer records and says a 10K batch will be released every day over the next four days if Optus doesn’t give into the extortion demand,” he wrote on Twitter.

Worryingly, Mr Kirk also pointed out that the new data appeared to show that Medicare numbers may also have been exposed for some customers.

He said the word “Medicare” appeared 55 times across the new data set.

Now, Optus has confirmed the valid Medicare ID numbers of 14,900 Australians were exposed in the breach.

The telco said it would contact all customers who had their Medicare data breached within 24 hours.

“Please be assured that people cannot access your Medicare details with just your Medicare number,” Optus said in a statement on Wednesday night.

“If you are concerned or have been affected, you can replace your Medicare card as advised by Services Australia.”

When Optus first informed customers of the cyber attack, they said information like names, addresses, passports and drivers licences had been accessed in the breach, with no mention of Medicare details.

Before Optus had confirmed this detail, news.com.au reported that multiple customers had been left shocked after discovering their Medicare details were at risk.

One frustrated Optus customer, who wished to remain anonymous, told news.com.au that she contacted the telco on Tuesday morning after not receiving any information about whether her details had been compromised.

After reaching out, she said an Optus representative confirmed her driver’s licence and Medicare card details had been impacted by the breach.

“I can see that your account has been flagged as being impacted by the cyberattack,” the Optus representative said.

The Optus worker ensured the woman that her account passwords were “completely safe” before listing the compromised ID documents as driver’s licence and Medicare card.

Another customer told news.com.au they only found out their Medicare details had been leaked after reaching out to Optus via the telco’s live chat feature on its website.

When news.com.au asked Optus to respond to claims of Medicare details being leaked in the hack, a spokesperson claimed they could not provide further details due to the AFP investigation.

“We are working with the AFP on their investigation of this attack. On their request, we’ve been asked not to discuss further details as it might compromise their ability to find the bad actor,” the spokesperson said.

Originally published as Optus ‘hacker’ vanishes from online forum after ransom backflip

Read original article here

Denial of responsibility! Toys Matrix is an automatic aggregator around the global media. All the content are available free on Internet. We have just arranged it in one platform for educational purpose only. In each content, the hyperlink to the primary source is specified. All trademarks belong to their rightful owners, all materials to their authors. If you are the owner of the content and do not want us to publish your materials on our website, please contact us by email – admin@ toysmatrix.com . The content will be deleted within 24 hours.

Leave a comment
My title Page contents