A man claims Optus sent him another customer’s phone numbers and bills via help chat in the latest scandal to hit the telecommunications giant.
Up to 10 million Australians are at risk of having their personal and sensitive information sold online after a hacker infiltrated Optus’ system and infiltrated the data of its current and former customers.
Samuel Leighton-Dore posted screenshots of a conversation he claims to have had with an Optus employee – who appears to have accidentally sent him private information.
“Now Optus support is leaking others’ phone numbers and bills to me,” he posted on Twitter, alongside an image of the chat.
The Optus employee forwarded three customer phone numbers in addition to bills of $326.20, $117.90 and $110.90.
The employee then immediately follows up on the messages by saying, “I request that you ignore the above text.”
“You just leaked me additional data,” replies Mr. Leighton-Dore.
“My apologies for that,” the Optus employee responds, before saying the messages were a “typing error.”
Daily Mail Australia has reached out to Optus for comment on the bizarre gaffe.
State governments in Australia have confirmed they will replace all driver’s licenses affected by Optus’ massive data breach.
Victor Dominello, NSW’s Secretary of Digital and Customer Service, confirmed Tuesday evening that they would cover the $29 cost to replace licenses affected by the online espionage.
“First of all, I’m sorry it took several days to get to this landing. People are understandably stressed and need a way forward,” he wrote on his Twitter account.
QLD Prime Minister Annastacia Palaszczuk confirmed that her government would also reimburse all license changes, while Victoria’s Department of Transport will send the bill directly to the telco.
Mr Dominello said Optus will be contacting its customers in the coming days who need to apply for a new license.
“People in NSW with a digital driving license immediately receive a provisional card number via the Service NSW app. A new plastic license card will be issued within 10 working days,” he said.
“The cost to replace your driver’s license is $29 and will be charged by Service NSW at the time of application – refund advice will be provided to customers by Optus in the coming days.”
Anyone concerned that their identity may have been leaked should contact ID Support NSW on 1800 001 040.
Ms Palaszczuk said Transport and Main Roads Queensland would issue new licenses free of charge.
“The license is a very secure ID, but we’ve heard from a lot of people who are concerned, so we’re giving people the option to get a new license,” she tweeted on Tuesday evening.
The hacker who claimed to be responsible for the data breach suddenly apologized for the cyber attack – as customers received threatening text messages demanding they pay $2,000 to have their data erased.
In a bizarre post on Tuesday morning, ‘Optusdata’ claimed there were ‘too many eyes’ on them, saying they would not sell or leak the hacked data of up to 10 million Australians.
In broken English, Optusdata said, “Deepest apologies to Optus for this. Hope all goes well from this.”
However, Australians are now receiving threatening messages demanding that they pay $2,000 to “wipe their confidential information from the system.”
The text warns Optus customers that if they don’t follow the rules, their information will be “sold for fraudulent activity” within two days.
The message asks that the $2000 be transferred to a Commonwealth Bank account called ‘Optusdata’ and that customers send a copy of their receipt.
“Optus has failed to maintain security measures that allow us to access their customers’ personal information, including name, email, telephone number, date of birth, address and license number,” the text reads.
“Optus has not responded to our demand to pay the $1 million USD ransom because your information will be sold and used for fraudulent activities within 2 days or until a payment of $2,000 AUD is made, after which our confidential information will be systems will be erased.”
The threats come just hours after the hacker said they would release 10,000 records every day for four days if a $1.5 million ransom went unpaid.
The customer data the hacker has released so far includes passport, driver’s license and Medicare numbers, as well as dates of birth and home addresses.
In their original apology, the Optus hacker claimed they would have told the telco about their vulnerability, but there was no way to get in touch.
“Optus, if you reported (sic) reading, we would have reported exploit if you had a method of contacting us,” the apology continued.
‘No security email, no bug bounties, no way to message. Ransom not paid, but we don’t care anymore.’
The hacker said they couldn’t release more data, even if they wanted to, because they had “deleted personal data from the drive,” which they claim is the only copy.
Cybersecurity journalist Jeremy Kirk said the apology was not a guarantee that “optusdata” could be trusted, but said it would be the “best outcome” for customers.
He said it was “disappointing” that others on the forum had copied and distributed the stolen data – despite the hacker removing the original samples.
“This means those 10,200 Optus users in these three data samples are at an immediate increased risk of fraud and identity theft,” he tweeted.
Shara Evans, a tech analyst who has worked for major telecommunications companies in the United States, believes Optus has not been quick to comment on whether the stolen data was encrypted or not.
“If the data were encrypted, the company would be at the forefront and say ‘yes, it’s encrypted, we’re not going to tell you the exact method for security purposes,'” she told the Daily Mail Australia.
“Any data anyone could possibly get their hands on would be in an ‘encrypted state’ — whether they used encryption or tokenization or some other method to encrypt the data that would have solved 99.9 percent of the problem.”
Ms Evans said Optus should have kept separate silos for storing their customers’ personal information.
“All these things should have been kept separate, stored separately with audit trails, multiple firewalls and encryption,” she said.
The hacker demanded a $1 million ransom – or $1.5 million Australian – in Monero, a decentralized cryptocurrency.
Mr Kirk questioned the rationale behind the backflip, tweeting, “Lots of questions about this: Why has this person seemingly changed his mind?”
‘Can we trust this person now? What does this person mean by writing about not being able to erase the data from the drive?’
The cybersecurity journalist, who claims to have been in contact with the hacker, shared details of the ransom note on Tuesday morning.
“The Optus hacker has released 10,000 customer records and says a batch of 10,000 will be released every day for the next four days if Optus doesn’t give in to the extortion demand,” he wrote on Twitter.