38 Comments
  1. Hacker releases more detailed apology than Optus 🥴

  2. Obviously you can’t actually trust this. Don’t plan on it being true at all.

  3. Amazing that a company as large as Optus doesn’t have a decent bug bounty program.

    Every company has vulnerabilities. The reason you don’t see many many exploits in best tech companies is (in part) because they have good bug bounty programs to incentivise white hats to find the bugs before black hats do.

  4. Well you heard it, from the most trustworthy of characters on the planet. If you’re with Optus there is nothing to worry about now.

  5. Would not be surprised in the slightest if Optus paid and part of the agreement was that the seller would not publicly acknowledge that Optus paid.

  6. Yeah I’m not buying this. The data is more valuable with people thinking that their personal info is not out there.

  7. All right, own up, whose teenage kid was it that did this?

  8. Could be anything.
    – The hacker is a kid / teenager and the pressure got too much for them.
    – Optus paid and as part of this they had a non-disclosure agreement.
    – 3rd party purchased the data and asked them to post this afterwards to hide the fact the data had been purchased.

    We’ll never ultimately know.

  9. If anyone is interested in a podcast that has a lot of stories on these types of leaks and many other IT hacks then I’d highly recommend listening to Dark Net Diaries. Strap yourselves in and be shocked at how vulnerable we are.

    I’ve no doubt they’ll do a podcast on this leak eventually.

  10. Bet this is just to wait until things cool down. Trying to sell it now would be stupid. Too many cops trying to buy it.

    They will give it a few months and then slowly sell it off under another name.

  11. They released 10,000 customers’ details recently as they’re not bluffing about the $1mil USD ransom

  12. I don’t think Optus paid and part of the deal was to release this message. They point out that they tried to get into contact with Optus but there was no bug bounty or method to do so. If this is true, then why on Earth would Optus ask them to write it? This makes Optus seem both overly confident and wildly naive, and just further hurts their credibility. It doesn’t make sense.

    This post feels like they either:

    A) Got in over their heads, panicked, burnt the data and tried to post this to cover their tracks in a futile attempt to get the investigation dropped

    B) Didn’t like the level of media attention and scrutiny, couldn’t figure out a way to sell the data without it being obvious, so they want to wait for a few months and then sell the data off to a third party.

    C) They’ve sold it to someone else and wrote this to cover their tracks and were hoping that the investigation would ultimately get dropped.

    Or scenario D) We can’t trust anything this post says because we can’t verify any of it, and so there’s no point in speculating because we may never know for sure.

  13. In other news, Optus plan pricing increased by CPI+$2 to account for unexpected costs.

  14. Love that the hackers are more apologetic and professional than Optus 😅

  15. People are being dismissive but I reckon there is some level of truth here.

    Considering the unsophisticated “hack” (if you can even call it that, more like an unpatched exploit) I highly doubt this person is the criminal mastermind some people are presenting them as.

    They found the exploit, scraped the data to sell or for whatever other purpose only to end up with way more than expected. Then they got in over their head especially with all the media and government attention being received (it’s been the top story for almost a week). They probably received an AFP doorknock or equivalent in the last few hours.

    Just look at the GTA VI leak last week. It wasn’t some sophisticated hack, just some 17 year old kid who managed to get the minimum info needed to access the files.

  16. So they simply scraped Optus? Do you realise how lax their security is to be scraped? I’ve just called and cancelled my services. Moving to Telstra as we speak. They pretty much pleaded for me to stay, offering incentives. The person I spoke to said people are leaving in droves.

  17. Seems like the authorities got to the hacker or Optus has done a deal with them. Either way we’ll not know unless an investigation is published.

    But the bigger question is why on earth such a critical API was left open with exploits in the first place – would no one in their API development care to think and run a penetration test or happy path testing when exposing such an API? The irony is they have unvetted access to Trustwave – which is a seasoned player in Cyber Security services.

    If so, it would then mean it’s not even a complicated hack; it’s as simple as someone knocking on doors to see if something is open and, finding it open, deciding to steal what they found there.

    Poor practices IMO and relevant executives / board members / CEO should be held accountable and/or asked to resign.

  18. If people aren’t taking any steps to secure their identities as a result of this email, it increases the value of the data. Pardon my cynicism

  19. [gif]

  20. Gotta love receiving an SMS from Optus telling me to make sure I have money in my account to pay the direct debit when a couple of days prior they sent an SMS to tell me all my personal information has been stolen but we won’t do anything about it.

    The nerve of this scum company.

  21. Can we find out if we are one of the 10k? ☹️

  22. A real cybercriminal would have just kept their mouth shut, sold off the data for the highest price and carried on their merry way…

  23. What forum is that

  24. Smells a bit like bullshit

  25. While I stole your data I must say you stole my heart.

  26. Why on earth, in this day and age of advanced encryption and secure comms, a company would keep identification records of their customers is beyond me.
    You identify someone, encrypt and discard.

  27. 9 News Australia just tweeted that the data was released

  28. Why did my data have to be hacked by an anime avatar that can’t even spell?

  29. Sounds like Optus paid the ransom? And paid a little extra to make it look like they are saving face.

  30. How much was the ransom

  31. Mine was used hours after being notified

  32. This is literally scene for scene the last arc of Extraordinary Attorney Woo

  33. Reads like something the Optus CEO might have typed up and sent out last night.

  34. Headline: **“Incompetent company’s open API logged into by incompetent hacker”**

  35. Pretty sure it was way more than 10,200 people?

  36. Optus paid them to say this I reckon

  37. Where can I see if my details were in this list of 10,000 that was leaked?

  38. Something posted on the internet – 0% credibility. You can’t tell me this information won’t end in an Indian scam factory at some point. Optus should be accountable for the abysmal security of data storage, and the government should be accountable for the onerous and frankly outrageous data retention laws they place on organisations in pursuit of a surveillance state.