Optus Hit By Cyber-Attack, Breach Affects Nearly 10 Million Customers

Viking

Level 26
Thread author
Verified
Honorary Member
Top Poster
Well-known
Oct 2, 2011
1,531
Australian unit of telecoms firm Singapore Telecommunications Optus said earlier today it was investigating the unauthorized access of customer data after a cyber-attack.
The company confirmed it immediately stopped the attack, preventing customers' payment details and account passwords from being stolen. However, Optus confirmed some home addresses, driver's licenses and passport numbers were potentially accessed by the attacker.
"Optus is working with the Australian Cyber Security Centre to mitigate any risks to customers," the company said in a statement on its website.
Optus, who, according to publicly available data, has 9.7 million subscribers, said it also notified key financial institutions about the attack and subsequent breach.
"While we are not aware of customers having suffered any harm, we encourage customers to have heightened awareness across their accounts, including looking out for unusual or fraudulent activity and any notifications which seem odd or suspicious," the statement reads.
The technical details of the attack have not yet been disclosed. Still, according to Drew Perry, CEO of London-based IT consulting firm Tiberium, the breach may have been due to a vulnerability in a piece of security technology.
"Details on the incident are still emerging, but all customers of Optus, both past and present, are advised to change passwords on their accounts now and enable multi-factor authentication, if available," Perry told Infosecurity Magazine.
"If you use the same password across multiple accounts, update them all and make use of a password manager."
I'm one of their customers.
 

Gandalf_The_Grey

Level 76
Verified
Honorary Member
Top Poster
Content Creator
Well-known
Apr 24, 2016
6,506
Optus hacker apologizes and allegedly deletes all stolen data
The hacker who claimed to have breached Optus and stolen the data of 11 million customers has withdrawn their extortion demands after facing increased attention by law enforcement. The threat actor also apologized to 10,200 people whose personal data was already leaked on a hacking forum.

Optus, Australia's second-largest mobile operator, first disclosed the security breach on September 22, 2022, saying that an attacker might have gained access to customers' personal information.

This information includes a customer's name, dates of birth, phone numbers, email addresses, physical addresses, driver's licenses, and passport numbers, but no account passwords or financial information.

On September 23, 2022, a hacker using the alias "optusdata" published a small sample of the stolen data on the Breached hacking forum and demanded that the firm pay a $1,000,000 (USD) ransom or the data for 11,000,000 customers would be publicly leaked.

Optus didn't give in to the extortion demands and instead engaged with law enforcement authorities to investigate the incident.

The hacker told reporter Jeremy Kirk that they used an unsecured API endpoint to steal the data rather than breaching the company's internal systems.

After not receiving a ransom demand, the threat actor released a larger sample of stolen data for 10,000 Optus customers for free on the same hacking forum, allowing threat actors to download and abuse it for their own campaigns.

Today, reports from victims of the data breach have started to receive messages demanding the payment of AUD 2,000 ($1,300) within two days, or their data would be sold to other hackers.
 

upnorth

Moderator
Verified
Staff Member
Malware Hunter
Well-known
Jul 27, 2015
5,457
What about customers whose passport or driving licence numbers were exposed?

Just how much of a risk does leaking an ID document number, rather than more complete details of the document itself (such as a high-resolution scan or certified copy), pose to the victim of a data breach like this? How much identification value should we give to ID numbers alone, given how widely and frequently we share them these days? According to the Australian government, the risk is significant enough that victims of the breach are being advised to replace affected documents.

And with possibly millions of affected users, the document renewal charges alone could run to hundreds of millions of dollars, and necessitate the cancellation and reissuing of a significant proportion of the country’s driving licences.
There’s no word from the federal legislature on replacing driving licences, that being a matter handled by State and Territory governments…and no word on whether “replace all documents” will become a routine reaction whenever a breach involving ID documents is reported, something that could easily swamp the public service, given that licences and passports are usually expected to last 10 years each. Watch this space – this looks set to get interesting!
 

Gandalf_The_Grey

Optus breach victims will get "supercharged" fraud protection
The Australian Federal Police (AFP) announced today the launch of Operation Guardian to ensure that more than 10,000 customers who had their info leaked in the Optus data breach will get priority protection against fraud attempts.

This operation was set up under the Joint Policing Cybercrime Coordination Centre (JPC3), a partnership that allows law enforcement, the private sector, and industry to join efforts and fight cybercrime.

Throughout Operation Guardian, JPC3 members can use full and collective legislative powers and investigative and intelligence capabilities of all Australian policing jurisdictions to help boost the breach victims' protection against fraudsters.

"The AFP and state and territory police have set up Operation Guardian to supercharge the protection of more than 10,000 customers whose identification credentials have been unlawfully released online under the Optus data breach," the AFP said.

"Customers affected by the breach will receive multi-jurisdictional and multi-layered protection from identity crime and financial fraud. The 10,000 individuals, who potentially had 100 points of identification released online, will be prioritised."

As the AFP explained, Operation Guardian will focus on multiple measures that would help shield affected customers, including:
  • Identifying the 10,000 individuals across Australia now at risk of identity fraud and alerting industry to enable further protection for those members of the public,
  • Monitoring online forums, the internet, and the dark web for other criminals trying to exploit the personal information released online,
  • Engaging with the financial service industry to detect criminal activity associated with the data breach,
  • Analyzing trends from ReportCyber to determine whether there are links between individuals who have been exploited, and
  • Identifying and disrupting cybercriminals.
Cybercriminals are already using the personal information leaked online after Optus, Australia's second-largest mobile operator, was hacked earlier this month.

"Scammers are now sending phishing emails and text messages to victims requesting money to be sent to prevent their credentials being used fraudulently," said Detective Chief Inspector Darren Fielke. "Do not respond to any of these requests for money or requests for the purchase of gift cards."
 

Gandalf_The_Grey

Optus confirms 2.1 million ID numbers exposed in data breach
Optus confirmed yesterday that 2.1 million customers had government identification numbers compromised during a cyberattack last month.

In a press statement released yesterday, the mobile carrier updated the information regarding the personal data of 9.8 million customers exposed during the attack.

In an investigation, Optus confirmed that a total of 2.1 million customers had valid or expired ID document numbers exposed to the hackers.

Of these 2.1 million customers, 1.2 million had at least one number from a current and valid form of identification compromised, and 900,000 had ID numbers exposed but from documents that are now expired.

"Today's update helps provide more clarity for our customers," reads the press statement.

"Having worked with government agencies to meticulously analyse the data for the company's 9.8 million customers, Optus can confirm the exposed information did not contain valid or current document ID numbers for some 7.7 million customers."

However, all 9.8 million customers had other personal information exposed, including email addresses, date of birth, or phone numbers.

Optus has sent SMS text messages to customers whose ID numbers were compromised in the cyberattack with information on their next steps.

Customers whose driver's license details were compromised can request a new driver's license number to prevent identity theft or fraudulent activity.

The threat actor had initially attempted to extort Optus with a $1 million ransom demand not to publish or sell the stolen data.

After not receiving a payment, the hacker leaked the data of 10,000 customers on a hacking forum that included names, addresses, email addresses, phone numbers, and dates of birth.

A few days later, feeling the pressure of law enforcement, the hacker apologized to Optus and its customers and claimed to have deleted all of the stolen data.

However, as there is no way to determine if the hacker actually deleted the data, all Optus users should assume that threat actors may use their data in future fraud or phishing attacks.

Therefore, it is strongly advised to be wary of any emails claiming to be from Optus asking you to provide further information or log in to your account.

If you receive an email or SMS text claiming to be from Optus, directly log in to the company's site and review any messages there.
 

Viking

A 19-year-old Sydney man has been charged after allegedly using information obtained during last month's Optus data breach to blackmail people.

It is alleged the man threatened 93 customers via text messages, saying he would use their details to commit financial crimes unless they paid $2,000.

No customers paid the money.

Australian Federal Police (AFP) officers swooped on the man at a Rockdale home in Sydney's south on Thursday morning where they seized a mobile phone they allege is linked to the text messages.

AFP Assistant Commissioner Justine Gough alleged the man would have continued to send texts had he not been arrested.

He has been charged with two offences, carrying a maximum penalty of 10 and seven years' imprisonment if found guilty.

"We would allege that the offender was working their way through the list… we would suggest he was prevented from committing future harm to the community," Assistant Commissioner Gough said.

 

Razza

Level 4
Verified
Well-known
Aug 12, 2014
163
Am not from Australia, just wondering: is it some government regulation requiring telecom companies to have customer ID numbers?

If a telecom company where I live in the UK had a data breach, the only sensitive information that might leak is my address, date of birth and payment information; no telecom company I've used over the years has ever asked for any of my government-issued ID.
 

Viking

Here in Australia we have to show proof of ID (e.g. driver's license) to buy a SIM card. For those who don't drive, I suppose they will have to show another form of ID such as a birth certificate, etc.

I think that after what happened, laws will be changed as to what form of ID is needed and how long telcos are allowed to keep that information.
 

markstitovits

Level 2
Sep 13, 2022
54
They started an entire operation for finding the hacker. Eventually they found a 19-year-old hacker, now he's facing 2 charges. 17 years overall in prison. He also apologized on a selling website, and he's claiming that he deleted the only copy of personal data from his hard drive. But he did publish 10,000 people's personal details, because Optus didn't pay the ransom.
 

Viking


Second Singtel subsidiary breach in a month sees customer and client data leaked

The incident at Singtel subsidiary Dialog follows the earlier breach at Singtel-owned Optus, Australia's second-largest telco

Telco giant Singtel has confirmed that another of its subsidiaries, Australian IT services firm Dialog, has been impacted in a cyber security incident.

Dialog confirmed that customer data was largely unaffected by the attack, with the only evidence of the leak thus far coming in the form of employee data leaked online.

The company noticed suspicious activity on its servers on 10 September, which was resolved through a fast shutdown, resulting in minimal disruption, it said.

 

Viking

More sensitive Optus data leaked in major cyberattack on law firm

Optus has been caught up in another major cyberattack, with sensitive information about a privacy watchdog investigation into the mobile-phone company breached by Russian hackers.

The Office of the Australian Information Commissioner is one of dozens of government departments and agencies scrambling to find out how much of their data has been breached in a hack attack on Australian law firm HWL Ebsworth.

Among the hacked data is information relating to an OAIC investigation into Optus that began in the middle of 2021.
This is separate to the OAIC’s ongoing investigation into the cyberattack on Optus in September last year that resulted in about 10 million current and former Optus customers’ personal details being stolen.

It is unclear whether the stolen information in the latest cyberattack on the law firm also includes the personal information of Optus customers.
Optus said it was aware of the data breach and had asked the OAIC to “clarify the extent to which Optus information has been affected in this data breach involving files held by HWL Ebsworth”.

The OAIC told this masthead it would “review the Optus documents once provided by HWL Ebsworth and notify affected individuals”.
The law firm would not comment on the stolen Optus documents, but said it was continuing to work through a “detailed and comprehensive review of the impacted data and informing impacted third parties and individuals as swiftly as it can”.

“We have an ongoing engagement with relevant authorities in relation to this process, including the Office of the Australian Information Commissioner,” HWL Ebsworth said.
The attackers – a Russian-linked criminal gang known as BlackCat, or AlphV – stole extensive data from the law firm in April and claim to have published 1.45 terabytes of its data on the dark web.
 
