The hacker behind the Optus data breach has seemingly apologised and claims to have deleted their sole copy of the mined data.
Littered with spelling mistakes and grammatical errors, the latest message has left investigators stumped.
The user ‘Optusdata’ removed their original post, on a popular online data breach forum, which called for Optus to pay a $US1 million ransom, The Australian reported.
“Too many eyes,” the latest memo read.
“We will not sale data to anyone. We cant if we even want to: personally deleted data from drive (Only copy).
“Sorry too 10.2000 Australian whos data was leaked.
"Australia will see no gain in fraud, this can be monitored. Maybe for 10.200 Australian but rest of population no. Very sorry to you.
“Deepest apology to Optus for this. Hope all goes well from this.
"Optus if your reading we would have reported exploit if you had method to contact. No security, no bug bountys, no way too message.
“Ransom not payed, but we don’t care any more. Was mistake to scape publish data in first place.”
The announcement came just hours after the same account said it released the information of 10,000 Aussie customers on the dark web, and threatened to keep releasing details until Optus paid a $1.5 million ransom.
Optus customers receive texts asking for $2000
Victims of the Optus hack also on Tuesday began receiving text message threats from scammers demanding payment in order to protect their private details.
“Optus has left security measures allowing us to access the personal information of their customers including name, email, phone number, date of birth, address and licence number,” a message reads, as Tweeted by New News reporter Chris O’Keefe.
“Optus has since not responded to our demand of paying the 1M$USD ransom as such your information will be sold and used for fraudulent activity within 2 days or until a payment of $2,000AUD is made, then the confidential information will be erased off our systems.”
The text goes on to provide bank account details and instructions to send through a screenshot of the transfer receipt.
Victims of Optus data hack are now receiving text messages from hackers demanding $2000AUD be paid into a CBA bank account, with threats their data will be sold for “fraudulent activity within 2 days.” @9NewsAUS pic.twitter.com/J57inlyyut
— Chris O'Keefe (@cokeefe9) September 27, 2022
The Commonwealth Bank responded on Tuesday afternoon saying it has blocked the account and is working with the Australian Federal Police who are investigating the scam.
According to news.com.au, one victim received a scam message on Monday night demanding money with his private details listed, including his name, address and employment history.
Strangely, the text was then followed up with another.
“Just f***ing with you.”
Optus had previously warned that the cyber attack on Thursday could trigger a rush of scams by criminals.
But this victim believed it was the real hackers.
“Given it’s my current address with an employer from seven years ago, I don’t think it’s a random text threat.”
How to secure your private details
Anyone who receives a text message from a scammer is being told not to pay any money.
“You have no idea if this is actually a person who’s done the attack, and you have no idea that they'll actually not on-sell if even if you pay them," Dr Suelette Dreyfus, a Senior Lecturer at the University of Melbourne, told Yahoo News Australia
Instead she's urging Optus customers to take action to best protect themselves.
“Figure out how you improve security on all your existing accounts and minimise risk," she said.
“[You could also] reduce the spending limit on any cards that might have been potentially at risk, and move the majority of your money to a separate account."
She's also encouraging all Aussies to set up two-factor authentication measures on their accounts and make use of a password manager.
— Brett Callow (@BrettCallow) September 26, 2022
Medicare details among those robbed
The online turnaround came as Home Affairs Minister Clare O’Neil struck out at Optus over news that Medicare numbers were among details stolen.
“Medicare numbers were never advised to form part of compromised information from the breach,” she said online.
“Consumers have a right to know exactly what individual personal information has been compromised in Optus’ communications to them.”
Ms O’Neil moved to reassure Australians that the “full weight” of cyber security capabilities across government are working round the clock to respond to this breach.
Do you have a story tip? Email: firstname.lastname@example.org.