The hacker who hacked into Optus's database apologized and turned down the $1 million ransom claim

The hacker who hacked into Optus's database apologized and turned down the $1 million ransom claim

The hacker optusdata, who announced the hacking of Australia's second-largest mobile operator Optus and the theft of 11 million subscribers, withdrew his claim for $1 million in ransom after having been taken over by law enforcement agencies, and apologized to 10,200 people whose personal data had been published in a hacker forum.

The operator reported a hacker's break-in on 22 September 2022 and said that the intruder could have access to personal information from clients, including names, dates of birth, telephone numbers, e-mail addresses, physical addresses, driver's license and passport numbers, but not passwords or financial information.

On September 23, 2022, the hacker published a small portion of the stolen data at the hacker's Breached Forum and demanded that Optus pay him a $1 million ransom under threat of disclosure to all 11 million clients.

Due to the operator ' s refusal to pay, on 26 September, the hacker published a large sample of stolen data for 10,000 Optus clients at the same hacker forum, threatening to do so every day for another 10,000 clients.

However, on 27 September, the hacker released a new message on Breached, in which he stated that the stolen data would no longer be sold or passed on to anyone because of enhanced control over the data leak, and he also stated that he had removed the stolen data from his computer, which contained the only copy, and apologized to the injured customers of Optus and the company.

It is worth noting that there is no official evidence that the user under the name optusdata is indeed responsible for hacking Optus. It is assumed that the decision to stop trying to extort money from the operator was taken in response to the Australian Federal Police's announcement that Operation Hurricane had started to identify the perpetrators of the threat behind the break-in and the extortion requirements.