The “OptusData” hacker who has for days now claimed they held millions of Australian’s personal data after beaching the Optus customer database in what Optus is calling a sophisticated Cyber Attack has today withdrawn their ransom demand.

On the online forum used to market the data, “OptusData” removed the original subject of the post, and content, and replaced it with this message:

Too many eyes. We will not sale data to anyone. We cant if we even want to: personally deleted data from drive (Only copy)

Sorry too 10.200 Australian whos data was leaked. 

Australia will see no gain in fraud, this can be monitored. Maybe for 10.200 Australian but rest of population no. Very sorry to you.

Deepest apology to Optus for this. Hope all goes well from this

Optus if your reading we would have reported exploit if you had method to contact. No security mail, no bug bountys, no way too message.

Ransom not payed but we dont care any more. Was mistake to scrape publish data in first place.

Why? Well, we may never know.

Did they really delete the data? Do you trust a criminal?

Possible scenarios here.

  1. Optus Paid the Ransom along with a strong legal letter about posting publicly
  2. AFP investigators are close, very close to finding the person
  3. Someone else paid way more than the $1million USD being asked.

We will never know.

But, every single Optus customer should still be on high alert. We don’t know that the person who posted the data was the original hacker, so the data is most likely still out there meaning your identity is still at risk of fraud and scams will be a huge problem going forward.

Great to see one forum shut down, but let’s just assume the Dark Web is now where this action is at.