BREAKING: Hacker asking $1 million from Optus to return hacked data of over 11 million accounts

A hacker has taken to an online forum where data is bought and sold to seek $1 million from Optus to not release the data obtained in Wednesday’s Cyber Attack on the Australian Telco.

The user known only as “optusdata” posted detailed information in the forum, including links to samples of the data to prove it’s authenticity.

First brought to light in Australia by security researcher and reporter Jeremy Kirk, the claimed sample data includes hundreds of lines of information from two separate files.

They claim one file contains 11.2 million users, the second 10 million.

While it’s likely there are many duplicates across the two files, it’s safe to say there’s far more details exposed than has first been reported.

To validate this claim, EFTM has obtained samples of the data.

We have cross referenced the data with previous hacks, to find user information not already available to scammers and hackers. I then personally called several people, some of whom were shocked and hung up, others confirmed the details on file were accurate.

Michelle from Sydney’s northern beaches told EFTM the data we read out from the file, including her Address, Date of Birth and Drivers Licence Number were accurate.

Another user Wayne told us he was no longer an Optus Customer but had previously owned an Optus pre-paid data hotspot.

Within the file containing 11.2 million users, “optusdata” claims 4.2 million have an ID number of some sort, 3.6 million are drivers licences.

They also claim 4.3 million have an active Optus subscription, and 6.5 million of the 11.2 million users were mobile subscription.

In the second file containing 10 million lines of information there was also 3.2 million containing a drivers licence.

“Optusdata” says “Optus if you are reading! price for us to not sale data is 1.000.000$US! We give you 1 week to decide.“

After that week, the user will look to sell the data, in bulk for $1m, or in smaller groups priced at up to $300 USD per user.

That’s the value of your personal information folks – up to $300.

EFTM contacted Optus for comment, they told us that as an AFP investigation was underway they were limited in what they can say, however they did re-iterate the warning that this attack is likely to trigger a number of claims and scams from criminals seeking to benefit financially, including through: 

• Phishing scams via calls, emails and SMS.
• Offering illegitimate customer details for sale.

The advice remains to be vigilant with regard to any emails that seem to have your personal information as verification.