Welcome to HBH! If you have tried to register and didn't get a verification email, please using the following link to resend the verification email.

Optus Breach Exposes 40% of Australian Population


Optus Breach Exposes 40% of Australian Population

On the 24th of September 2022 a post emerged on the ‘BreachForums’ message board (which appears to be the old Raid Forums, apparently reborn from the ashes) posting a data sample of approximately 100-200 records demanding a $1.5mil USD via Monero from Optus. Australia’s second largest telecommunications provider. The alleged hack revealing names, dates of birth, addresses, medicare numbers (Australian national healthcare) and drivers licence numbers.


On the 24th of September 2022 a post emerged on the ‘BreachForums’ message board (which appears to be the old Raid Forums, apparently reborn from the ashes) posting a data sample of approximately 100-200 records demanding a $1.5mil USD via Monero from Optus. Australia’s second largest telecommunications provider. The alleged hack revealing names, dates of birth, addresses, medicare numbers (Australian national healthcare) and drivers licence numbers. Sydney based tech reporter Jeremy Kirk saw the significance of the post and contacted Optus who later confirmed the hack. Optus CEO stated that the hack was sophisticated attack on their robust systems. Kirk reached out to the hacker on the forums asking about the nature of the hack, and if he had manipulated an API. The BreachForums user ‘optusdata’ posting a further 10,000 records while replying to Kirk in broken English; ‘No authenticate needed. That is bad access control. All open to internet for any one to use.’ Later posts indicate he scraped the data via the open API, raising the question whether Optus was hacked at all.
In a strange twist in events. Optusdata posted again on the forums. Stating that he is recalling the extortion attempt. That the data is not for sale. That he will be deleting the only copy, apologising to the 10,200 Australians whose data he leaked. Interestingly optusdata finishes his post with a note directly to Optus. ‘Optus if your reading we would have reported exploit if you had method to contact. No security mail. No bug bountys. No way too message’. This writer can confirm that Optus is incredibly difficult to contact. If optusdata is honest in his words, this is likely a very costly and embarrassing mistake for optus. Optus has not provided any update on the nature of the ‘hack’.

Comments
Sorry but there are no comments to display