A computer expert believes the Optus attack that exposed millions of consumers’ data wasn’t “hard.”


According to a computer expert, the Optus cyberhack that revealed millions of consumers’ personal information wasn’t “complex” as claimed; rather, hackers just breached security to get access to a “goldmine.”

Optus customers’ personal information, including addresses, birth dates, passport information, driver’s license information, phone numbers, and email addresses, may have been taken in Australia’s worst data breach last week.

According to Optus CEO Kelly Bayer Rosmarin, the cyberattack was a “sophisticated assault” that, in the “very worst case scenario,” compromised the information of 9.8 million individuals.

Trevor Long, a cyber expert and editor of EFTM.com, disagreed, stating that the telecom company’s security was “simply not strong enough” and that the incident did not qualify as a “hack.”

Mr. Long told Daily Mail Australia, “If we are to trust the hacker, this was not even a sophisticated attack, it’s not even a hack.”

“They were able to acquire information via a straightforward security compromise, using an internal system.”

“It’s a bonanza for identity theft and hackers, and right now there are 10,000 individuals whose personal information is easily accessible to con artists.”

According to Mr. Long, the hacker was able to find the telco’s main computer, which houses the database of client records and data.

The documents were purportedly sought by the hacker known as “Optushack,” who allegedly received access to the data without having to authenticate or provide a password.

If that is accurate, Mr. Long said, the lack of protection in Optus’ cybersecurity defenses is a “fundamental weakness.”

“If the hacker is informing others about how easy and unauthenticated their access to the API [Application Programming Interface] is, it’s just a breach and it makes this much worse,” said Mr. Long.

Since he doesn’t think the data was encrypted, despite the telecom company’s claims, Mr. Long said Optus has to “look at themselves.”

“It’s like someone going on vacation who has a pretty big house. They lock every window and door, but sadly, those locks were either picked up or left slightly ajar,” according to Mr. Long.

No one questions Optus’ security in any scenario, but this time the security wasn’t strong enough.

In particular, Optus claims that the data was encrypted, but I don’t think it was. Even more of a problem would arise if a hacker managed to access the data and decode it.

“I believe the data was not encrypted, as it ought to have been, and that’s where they maybe need to have looked more closely at themselves and their security,” the author says.

Optushacker, who claimed to have “too many eyes” on them in a weird statement on Tuesday morning, promised not to sell or share the stolen information.

Optushacker apologized profusely to Optus in terrible English. Hope everything goes smoothly from here.

The hacker also said that if they had been able to contact the telecom, they would have informed them of their vulnerability.

The apologies continued, “Optus if your (sic) reading we would have reported exploit if you have means to contact.”

No security letters, bug bounties, or anything about the method too. We no longer care if the ransom was not paid.

The incredible U-turn came after the cybercriminal had earlier threatened to leak 10,000 records every day for the next four days unless a $1.5 million ransom was paid.

Passport, driver’s license, and Medicare numbers, along with dates of birth and residential addresses, were among the customer details that the hacker has so far made public.

Because they had “personally wiped data from disk,” which they say is the sole copy, the hacker said they couldn’t delete any more data, even if they wanted to.

The incident, according to Mr. Long, served as a reminder of the necessity for robust personal security. He advised Australians to adopt two-factor authentication and change their passwords.

This incident serves as a powerful reminder to everyone that we also need robust security, according to Mr. Long.

It’s a good idea to set up two-factor authentication and create fresh, secure passwords for your bank, email, and other accounts, as well as for websites like social media.

You will have superb security throughout your service and the majority of your platforms with those two items in place.

The Australian Federal Police is looking into the data breach, which is one of the biggest in the nation’s history.

In parliament on Monday, Home Affairs Minister Clare O’Neil attacked Optus harshly for permitting a “simple” hack and said that the government was looking into methods to lessen the consequences.

“We shouldn’t expect to see a compromise of this kind in a major telecoms operator in this nation,” Ms. O’Neil added.

“We anticipate Optus to continue doing all within their power to help both current and past clients.”

In order to determine what actions may be done to safeguard impacted clients, Ms. O’Neil said the government was trying to collaborate with financial authorities and the banking industry.

One important concern, according to Ms. O’Neil, is whether the country’s main telecommunications providers are subject to adequate cyber security regulations.

A data breach of this kind would incur sanctions of hundreds of millions of dollars in other countries.

The data leak, according to Prime Minister Anthony Albanese, was a “major wake-up call.”

The government is getting ready to deploy new cybersecurity measures. Mr. Albanese said the additional safeguards would ensure banks and other institutions would be notified much more quickly when a breach occurred so personal data could not be exploited.

Optus said on Monday that certain consumers would be given the option to sign up for a 12-month membership to Equifax Protect, a security monitoring program.

The company claimed in a statement that “the most impacted consumers will be getting direct messages from Optus over the coming days on how to start their subscription at no cost.”

As we are aware that there are criminals who will use this situation to perform phishing schemes, Optus will not be including any links in any correspondence about this occurrence.

