Australian Federal Police monitoring dark web amid allegations stolen Optus data may be sold online

| 24.09,22. 11:01 PM |

Australian Federal Police monitoring dark web amid allegations stolen Optus data may be sold online

A laptop computer sits open on a bed in a dark room showing an email account on screen.
The Optus CEO said she was aware of reports the stolen data was allegedly being sold online. (Unsplash: Jay Wennington)

The Australian Federal Police are monitoring the dark web and internet forums after reports stolen Optus data may be being sold online.

One post on the website BreachForums claims to be selling the data, which includes email addresses, dates of birth, first and last names, phone numbers, drivers' license and passport numbers.

The dataset referred to has not been confirmed or verified by Optus, the police, or intelligence agencies, but some numbers have been verified by journalists.

"The AFP is aware of reports alleging stolen Optus customer data and credentials may be being sold through a number of forums, including the dark web," a police spokesperson told the ABC.

"The AFP is using specialist capability to monitor the dark web and other technologies and will not hesitate to take action against those who are breaking the law."

Co-founder of cybersecurity firm Internet2.0, Robert Potter, who has advised US and Australian governments on cyber attacks, said the data was authentic.

"I'm comfortable saying the data is authentic information and an amount of it include email addresses not previously seen in other breaches," Mr Potter told the ABC.

"Some of the data is still encrypted. Optus should confirm if it is from their systems."

It is an offence to buy stolen credentials online with a penalty of up to 10 years' imprisonment.

During a media briefing on Friday, Optus chief executive Kelly Bayer Rosmarin said the company was aware of reports Optus data was allegedly being sold online.

"One of the challenges when you go public with this sort of information is you can have lots of people claiming lots of things," Ms Bayer Rosmarin said.

"There is nothing that has been validated and for sale that we are aware of, but the teams are looking into every possibility."

On Saturday, Optus was not willing to comment on the post citing advice from police.

"We are coordinating with the AFP because this is now a criminal investigation," the spokesperson said.

"Given the investigation, Optus will not comment on the legitimacy of customer data claimed to be held by third parties and urges all customers to exercise caution in their online transactions and dealings.

"Once again, we apologise."

Optus continues to contact customers implicated in attack

Some cyber experts are urging caution around reports of data being sold online, warning it could be an attempt to capitalise on media attention.

Optus is continuing to contact all customers implicated in the cyber-attack.

"We will begin with customers whose ID document number may have been compromised, all of whom will be notified by today," the spokesperson said.

Optus has also advised customers to be very vigilant online and to be careful of scams.

"If customers receive an email or SMS with a link claiming to be from Optus, they are advised that this is not a communication from Optus. Please do not click on any links," the spokesperson said.

"We have been advised that our announcement of the attack is likely to trigger a number of claims and scams from criminals."

(Votes: 0)

Other News

Five-year-old boy dies in floodwaters in NSW central west Optus cyber attack investigation amid alleged ransom threat Officer 'bitten' during ramming of police car after burglary in Melbourne NSW dam levels reach 100 per cent capacity in many regions Optus rejects insider claims of 'human error' as possible factor in hack affecting millions of Australians South Australian government to consider cash reward for assistance in locating Peter Falconio's body Search after girl allegedly filmed in Brisbane shop toilet cubicle NSW garbage truck driver 'so sorry' for pedestrian death Pension pain: 'Four per cent, will it make a difference to people? Absolutely not' Don't shower during a thunderstorm. Here's why Man dies in head-on semi-trailer and car crash at Woomargama, NSW Northern NSW on high alert for flash flooding following 150mm of rain in two hours Boeing agrees to pay $301 million for misleading the public about the 737 Max Body of man found in river after desperate search for missing swimmer NSW opposition leader sacks frontbench MP on radio NSW Police officer braves surging floodwaters to rescue three people including a toddler Dire warning for future NSW flooding events as state smashed by rain School bus recovered as police investigate horror collision with truck Sydney woman awarded $1m after falling between train and platform Sydney identity Fadi Ibrahim changes plea ahead of trial Melbourne Love Machine nightclub drive-by killers jailed for life Where double demerits will be in force for Australia's National Day of Mourning 'Someone knows something': Police hunting for Queensland hit-run driver Men jailed for stabbing dying Victorian teen Australia's oldest man, Frank Mawer, dies aged 110 after contracting COVID-19 Rapist who dragged woman from Melbourne bus stop jailed Man on the run from police after armed robbery at NSW service station More than 600,000 nib members to receive $40 million back in claims savings NSW drivers warned of major traffic delays ahead of National Day of Mourning and school holidays Petrol prices won't jump after end of fuel discount, Treasurer says