The Optus hacker apparently wants $1 million, so basically the greatest data heist in history is worth less than a 2-bedroom apartment in Petersham.
Someone is claiming to have the stolen Optus account data for 11.2 million users. They want $1 million in the Monero cryptocurrency from Optus to not sell the data to other people. Otherwise, they say they will sell it in parcels. #optus #auspol #infosec #OptusHack https://t.co/1eCINue2oZ
UPDATE: I reached the person who claims to have hacked Optus. I've also been contacted by a second, separate source who says the hacker's version of events is approximately correct. Here's what they said. #OptusHack #infosec #auspol
If I post anything good about Dan Andrews, you know I’ve been hacked via the Optus cyber attack.
Optus has around 5.8 million active users, so the rest up to 10 million must be previous customers so why are they keeping the private details of 4.2 million previous users? Govt must legislate businesses destroy those records after 3 months.
Day 3 and our desktops and home phones are still offline and Optus still hasn't addressed the problem, should I send them a bill for failing to provide the service that they are charging me for?
The Optus hacker says they accessed an unauthenticated API endpoint. This means they didn't have to login. The person says: "No authenticate needed. That is bad access control. All open to internet for any one to use." #infosec #auspol https://t.co/l89O8w1oCO
If #Optus' breach had happened in the EU & thus were subject to the GDPR, it would be liable to a fine of €20M (AU$30M) or 4% of the firm's worldwide global revenue from the previous year, whichever is higher.
The Australian govt needs to get its act together on privacy.
Very Qld LNP. Politicise anything that goes wrong & blame Labor. Peter Dutton seeking to capitalise on the #Optus hack. #auspol https://t.co/W2oe4BiC2M
I received an email from Optus, stating that some of my personal information has been compromised. License numbers etc. I’m now at the mercy of criminals. Will various criminal identities be created using my name and data? I have no power over my personal identity thanks to Optus
The API endpoint was api[dot]https://t.co/o7YSPiVStk. Yes, that looks weird, but the hacker says it worked, otherwise a DNS error occurred. That API is now offline, so there is no more risk for Optus. It was used in part to let Optus customers access their own data. https://t.co/30mG1YQ0T5
THE Russell - You don't like opinions? Here's mine@THE_Russell
It turns out @Optus was being loose with the truth. Apparently, the live customer database was connected via an "unauthenticated" API on a "test network" to the actual Internet, facilitating the data loss.
They weren't hacked, they hacked THEMSELVES!
#OptusHack #Optus #auspol https://t.co/aLTVNQITLV
I am sick of businesses such as OPTUS telling people to be vigilant & protect themselves when the reason they are at any threat is because of the negligence of that business. Businesses making huge money are responsible for their products.
So does this make Optus liable for allowing an unauthenticated API to begin with?
Optus is a wholly owned subsidiary of Singapore Telecom, who are 55% owned by the Singapore government... 'Team Australia response?'
Don't all the profits go offshore?
Australia's second largest telecommunications company, Optus, suffered a data breach that compromised the information of an unspecified number of their 10 million customers. #databreach #cybersecurity https://t.co/0QUBCttJvU
Australia’s Optus cyberattack: ‘no passwords compromised’ as company contacts affected customers https://t.co/EU5I6Sabyh
Your email says "if customers receive an email claiming to be from Optus, it's not from Optus"?
@Smushster @ColdwaterQ @Jeremy_Kirk
An unauthenticated public API being accessed isn’t even an exploit really. This is the equivalent of Optus storing customer data in a big unlocked filing cabinet in a public park with a sign on it saying “customer data”
Streameast got like all the American sports I got Optus sport for soccer tho
My account was hacked. Don't worry they said, they only have my name, address, DOB, Licence number, email, phone number. But they didn't get my payment details. What a joke
as a longtime customer.. and privacy advocate
give me a good reason why I shouldn’t sue with a class action?
this data breach wasn’t inevitable, you’re responsible for destroying personal info after a short period of time
you chose profit, over my rights
Listening to the language Optus is 'reinforcing', they're desperately couching it as a hacking event…& everyone is shouting data breach back at them.