Last week, around 9.8 million customers had their data leaked in an attack on optus, Australia’s second largest operator. Well, today, the hacker who claimed to be responsible for the leak came back and apologized to the company and the people. Still, both the company and the competent authorities have spared no effort to find the real authors of this attack, which is already considered one of the largest in the country’s history.
Identified as “Optusdata”, the hacker posted two files with about 200 of the alleged stolen data on a forum. In the same message, he asked for $1 million in Monero cryptocurrency to not sell the information to other criminals.
This Tuesday (27), the same account published over 10,000 Optus customer records. A short time later, he deleted everything and said he was no longer interested in the money: “Too many eyes. We will not sell data to anyone. Sorry also to the 10,200 Australians whose data was leaked.”
The criminal apologized to Optus and said he would have reported the attack if the operator had had a channel for complaints. According to the alleged hacker, no amount had been paid. wanted fur The Guardian, Optus declined to comment.
Leak is one of the biggest in Australian history
Last Thursday (22), the Australian operator said it was investigating possible unauthorized access to customer information. Among these data would be: names, addresses, dates of birth, phone numbers, emails, driver’s license and passport numbers.
“While not everyone may be affected, and our investigation is not yet complete, we want all our customers to be made aware of what happened as soon as possible so they can increase their vigilance,” said Kelly Bayer Rosmarin, the company’s executive director.
Optus also said it “ended” the attack as soon as it discovered it and that no customers had suffered damage. In addition, the company said it has notified police of the incident and is working with Australia’s cybersecurity center to address potential risks to customers.
Although the operator did not specify when the attack took place or how many customers could be affected, the local press points out that data of up to 9.8 million Optus customers would have been stolen. The number represents around 40% of the Australian population, making this one of the biggest leaks in the country’s history.
According to one reportage of ABC Australian, the leak would have taken place through an API to a customer database. In short, the criminal would have extracted the information from an unauthenticated API, that is, one that did not require a login to access it.
Government wants to review privacy legislation
In light of this, the Australian government has planned to review legislation that addresses user privacy. In addition to triggering calls for stronger laws to protect sensitive data, the incident also opened the eyes to severely punish companies that fail to take care of this information.
For Anthony Albanese, Prime Minister of Australia, laws should be modified so that companies are required to share details with banks about customers affected in leaks to prevent any kind of fraud.
Although Australia has a law that guides organizations in the event of a data breach, it is less stringent than the General Data Protection Law (LGPD) in Brazil.
Since the cyber attack came to light, federal police launched Operation Hurricane. In partnership with foreign authorities, the objective is to find out who obtained the data and to whom they were trying to sell it.
With information: The Guardian and The Verge