Teen arrested for using Optus hack data to scam victims

Sidney teen attempted to use data leaked in the Optus hack to extort victims in a text message blackmail scam, Australian authorities claim.

The Australian Federal Police (AFP) arrested a 19-year-old Sydney resident who allegedly sent text messages to Optus customers demanding money. According to the AFP, the teen asked for $2,000 and threatened to leak victims’ personal data if they didn’t pay.

Authorities claim that the arrested individual targeted 93 Optus customers whose data appeared leaked online due to a data breach that affected Australia’s second largest telco provider. Last month hackers stole the details of 9 million Optus customers and leaked the personal data of 10k company’s customers.

Hackers published the snippet of information to force Optus into paying them for the stolen data. However, hackers reversed course after Australian authorities and the Federal Bureau of Investigations (FBI) launched a multinational investigation.

The Sydney man arrested for using customer details from the leaked dataset of 10k Optus customers will be charged for using the telco network for blackmail and dealing with stolen data. If charged, the 19-year-old could face up to ten years in prison.

The arrest comes after AFP launched Operation Guardian, a cross-institutional effort to protect Australians most affected by the data breach. Australia’s Assistant Commissioner for Cyber Command, Justine Gough, said there would be no tolerance for criminal use of stolen data.

“Do not test the capability or dedication of law enforcement. The AFP, our state partners and industry are relentlessly scouring forums and other online sites for criminal activity linked to this breach. Just because there has been one arrest does not mean there won’t be more,” Gough said.

While details of only 10k Australians leaked online, the dataset included customers’ names, dates of birth, phone numbers, email addresses, and, for a subset of customers, addresses, ID document numbers such as driver’s licenses or passport numbers.

Some users on online forums went as far as digging up home addresses of people they held grudges against, claiming they’d use the information to vandalize the property.

This week, Australia’s largest telco provider Telstra also informed that it suffered from a data breach. However, only Telstra’s staff data was published online, and the attack affected information stored by a third party, not Telstra itself.

Telstra’s spokesperson said that the company is under the impression that the relatively old dataset was put up for sale to profit from the Optus breach.

There might be some logic to this, as large data breaches attract the attention of the international cybercriminal underworld. For example, the record-breaking leak from the Shanghai National Police spurred Chinese-language activity and interest in China-based data leaks.

More from Cybernews:

Quantum computing: shining a light on the nature of the universe

Water Labbu attacker robs scammers of their loot

New Bill of Rights to govern AI usage in "the age of artificial intelligence"

Hacker sentenced to 20 years over ransomware attacks

Subscribe to our newsletter

Leave a Reply

Your email address will not be published. Required fields are markedmarked