Second batch of Optus data announced for sale on web forum

A second batch of data purported to be from Optus has been put up for sale on a web forum, with 100 sample linked records as proof of its authenticity.

Emsisoft security researcher Brett Callow pointed out in a tweet that the account stated: “No sales will be made for 1 week until Optus responds”.

He said that implied it could be a case of attempted extortion. iTWire asked for a reaction from Optus on this. The Breach of Optus has been made public Thursday.

The publication claims that this data comes from 11.2 million users and is demanding $1 million from the company to have the sale reversed.

On Friday, Optus was asked about another batch of data allegedly from its innards. More than 24 hours later, there has been no response from his media unit.

A press conference by Optus chief executive Kelly Bayer Rosmarin on Friday provided no new information about the data breach.

Bayer Rosmarin claimed the attack was “sophisticated,” but that’s a claim made by every company that suffers a data breach.

The first batch of data was announced in a message dated September 17 and offered 1.1 million Optus mobile numbers and asked those interested to contact a given Telegram account.

Meanwhile, encryption software company Senetas questioned whether the stolen data was encrypted or not.

Senetas Managing Director Andrew Wilson said: “The critical question that Optus [is] – Was the data encrypted? If not, why not?

“If it’s sensitive data that’s heavily encrypted, as it should be, Optus customers needn’t be alarmed. They probably have years to change their passports and other ID documents before attackers can read and use what they stole. If not, customers need to start this process today. It’s a big difference!”

“Other statements by Optus that this was a very ‘sophisticated’ attack are unsatisfactory. Highly sophisticated and increasingly malicious attacks are common. This is why “data protection” is essential today – and that is encryption. whether stolen data is encrypted or not should be in the first communication about a successful breach. It is worrying that this vital information is missing so far.

“Many have wondered if prevention systems like those used by Optus are sufficient, or if the company has underinvested in its cybersecurity and this is the inevitable outcome. It’s unlikely. No cyberattack prevention system is bulletproof.

“The focus should instead be on regulation – we need comprehensive federal cybersecurity legislation that punishes companies and government agencies that fail to encrypt sensitive data. Not all companies can afford the kind of prevention systems that Optus has, but the lesson shouldn’t be that they shouldn’t try or put up a last line of defense in the event of a breach.”


Thoughtworks presents XConf Australia, back in person in three cities, bringing together people who care deeply about software and its impact on the world.

Now in its fifth year, XConf is our annual technology event created by technologists for technologists.

Participate in a robust discussion program as local thought leaders and Thoughtworks technologists share first-hand experiences and discuss new ways to empower teams, deliver great software, and drive innovation for technology responsible.

Learn how we at Thoughtworks are improving technology, together.

Tickets are available now and all proceeds will be donated to Indigitek, a non-profit organization that aims to create tech employment pathways for First Nations people.

Click the button below to register and get your ticket to the Melbourne, Sydney or Brisbane event



It’s all about webinars.

Marketing budgets are now focused on webinars combined with lead generation.

If you want to promote a webinar, we recommend at least a 3-4 week campaign before your event.

The iTWire campaign will include numerous advertisements on our news site and a major newsletter promotion and promotional and editorial news. Plus a video interview of the key speaker on iTWire TV which will be used in promotional posts on the iTWire homepage.

Now that we are coming out of Lockdown, iTWire will focus on supporting your webinars and campaigns and support through partial payments and extended terms, Webinar Business Booster pack and other support programs. We can also create your advertisements and written content and coordinate your video interview.

We look forward to discussing your campaign goals with you. Please click the button below.