After the information of 10,000 customers was reportedly leaked, the alleged hacker apologized to Optus.
Just hours after releasing 10,000 customer records as part of a ransom demand, the alleged Optus hacker made an unexpected announcement.
The person who is thought to be behind the cyber attack on Optus has made a shocking claim about the millions of customer details they say they have.
On Tuesday morning, the alleged hacker, who only went by the name Optusdata, said that there were "too many eyes" on them and that they had decided not to sell or leak any more data.
The update comes just a few hours after the person said they had leaked the information of 10,000 customers to try to get Optus to pay the ransom they wanted.
In the latest message, the person apologized to the Australians affected by the data leak and said they couldn't release more data even if they wanted to because they "personally deleted data from drive," which they said was the only copy.
The alleged hacker also apologized to Optus and said, "I hope everything goes well from here on out."
"Optus, if you're reading this, we would have told you about the exploit if you had a way to reach us. "No security mail, no bug bountys, and no way-to-message," the message said.
"The ransom hasn't been paid, but we no longer care."
The person who was thought to be the hacker said it was a "mistake" to release the information in the first place.
Jeremy Kirk, a cyber security researcher and writer at ISMG Corp who has been in touch with the alleged hacker, delivered more "bad news" to thousands of Australians on Tuesday morning.
"The Optus hacker has released 10,000 customer records and says he will release another 10,000 records every day for the next four days if Optus doesn't pay up," he wrote on Twitter.
This happened just a few days after the same hacker posted a ransom note on an online forum early Saturday morning, demanding that Optus pay $US1 million (A$1.5 million) in cryptocurrency.
The person said they had important information about 11.2 million Optus customers, like their names, dates of birth, phone numbers, email addresses, and, for some customers, their addresses and ID document numbers, like driver's license or passport numbers.
They said that if they didn't get what they wanted, they would start putting sensitive information online.
The Australian Federal Police knew about this thread, an Optus representative told news.com.au.
The spokesperson said, "We are helping them with their investigation to find the criminals who did this attack."
Mr. Kirk showed a screenshot of a message that he thought was written by the hacker. The message said that Optus should only contact them online.
"We run a business." "One million dollars is a lot of money, and we will keep our word," the message said.
The cybercriminal wants to be paid in Monero, which is a decentralized cryptocurrency that makes it hard to find out who the recipient is.
The alleged hacker said that Optus would pay the ransom if they cared about their customers. He said that $US1 million was "a small price to pay" compared to how much money they make.
If the money is paid, the hacker said, the customer information on their hard drive would be erased.
"There is only one copy. Will not sell data... gone for good," said the message.
The telco company has four days to decide if it will pay the ransom or not.
Worryingly, Mr. Kirk also said that the new data seemed to show that some customers' Medicare numbers may have also been shared.
He said that the word "Medicare" was in the new data set 55 times.
When the first post from the alleged hacker showed up online, Mr. Kirk said that the sample dataset given by the unknown person matched the breach, which suggested that they may be the ones who did the attack.
"I just ran 13 email addresses from the first batch of sample data from the alleged Optus leak through Haveibeenpwned, a website that tells you if your email or phone number has been involved in a breach. "Six come back as unique, which means they are not in any other HIBP-indexed breach," he said.
"Once again, this is a strong indication that the Optus data is real."
Mr. Kirk also said that he talked to the hacker, who told him in detail how they did the hack. This convinced him that the person was "the real thing."
An expert says why Optus was attacked.
Brett Callow, a cyber security threat analyst, said on Nine's Today show on Tuesday morning that the reason for the breach was "money, plain and simple."
"They want to make a lot of money," he said.
Optus said that this was a "sophisticated" cyber attack, but Mr. Callow questioned that claim.
"It sounds like something a high school kid might have been able to do," he said.
Mr. Callow said that these kinds of attacks have become a bigger problem over the past few years.
"People are using customers as weapons. They are stealing their information, and in some cases they are even talking to the people the information is about," he said.
"They do that a lot to try to get those people to put pressure on the companies to pay."
Optus CEO Kelly Bayer Rosmarin had said before that reports of 9.8 million records being hacked are the "absolute worst case scenario."
She called the situation a "sophisticated attack" and said that Optus took action right away to stop the attack from going any further. She also said that the police had been called to help find the source of the attack.
She said, "We're very sorry, and we know that customers will be worried."
"Please know that we are working hard and talking to all the right people and groups to help keep our customers as safe as possible."
Optus has also told the most important financial institutions about this. We don't know of any customers who have been hurt, but we encourage them to be extra careful with their accounts and keep an eye out for strange or fraudulent activity and notifications that seem odd or suspicious.