Optus cyber attack investigation amid alleged ransom threat

The Australian Federal Police (AFP) are investigating the cyber attack on Optus as the legitimacy of an alleged online ransom threat to sell millions of customer details is probed.

Optus said today the attack could trigger illegitimate offers to sell customer details online as a user on a data breach forum has claimed two files containing sensitive customer information will be sold if a $1.53 million ransom is not paid within a week.

The number of customers whose details were compromised in Thursday’s “sophisticated” hack was initially estimated at 9.8 million.

An alleged threat has been made to sell details obtained in an Optus cyberattack as impacted customers are contacted. (9News)

The threat, sighted by 9News, was posted to a website where stolen information is sold. It claims one file contains 11.2 million lines of information, while the other contains 10 million.

There’s no cross-referencing of the data currently available to remove duplication, but it indicates the number of unique users impacted will be in excess of 11 million.

Over four million of them are reported to contain an identity document number, such as a driver’s licence or passport, and over four million appear to have active Optus subscriptions.

Optus did not comment directly on the alleged threat, which said the data would be sold in one lot or in groups of users at a price of up to $300 each unless the US$1 million payment was made in a cryptocurrency called Monero.

“Given the investigation, Optus will not comment on the legitimacy of customer data to be held by third parties and urges all customers to exercise caution in their online transactions and dealings,” a statement obtained by 9News read. 

Customers have been advised Optus is not sending links in SMS or emails and has warned users not to open any link from someone claiming to be from the company. 

It’s also been noted the attack will likely lead to an increase in phishing scams through email, phone calls and text messages as “criminals seek to benefit financially”.

An AFP spokesperson told 9News it was aware of reports alleging data stolen in the Optus hack was being offered for sale online, including on the dark web.

“The AFP is using specialist capability to monitor the dark web and other technologies, and will not hesitate to take action against those who are breaking the law,” the spokesperson said.

The AFP issued a warning for anyone considering purchasing stolen data.

“It is an offence to buy stolen credentials. Those who do face a penalty of up to 10 years’ imprisonment,” the spokesperson said.