OPTUS Hack – an update

The OPTUS hack potentially represents the biggest corporate hack in Australian history. It affects up to 3.5 million past and 5.8 million present customers.

Many OPTUS customers have received an email or SMS advising that the following may have been exposed:

  • Full name
  • Date of Birth
  • Email address
  • Phone number
  • Physical address
  • ID documents required to get an account – driver’s licence number, passport, other

Unaffected services include:

  • Mobile and home internet
  • Messages, voice calls
  • Billing and payment detail
  • Account passwords

What can cybercriminals do with the OPTUS hack data?

First, it will blend into your dark web profile – adding pieces to the jigsaw puzzle that is you. AI-bots then assess whether you are ready to be:

  • Scammed
  • Undertake an account takeover
  • Full-scale identity theft.

Scamming starts as increased junk mail containing poisoned links that can infect a PC or smartphone. Be vigilant, especially checking that the links in an email are indeed from Optus.com.au.

Optus will not send links in any email or SMS messages.

It may go to a snail mail campaign (as they have your billing address). Clever socially engineered appeals entice you to contact what looks like a legitimate front concealing the cybercriminal network.

Or you may get phone calls from cybercriminal call centres and the emotional appeals they use.

If your profile is ready for account takeover, the information can help to set up new phone accounts, apply for credit cards and more. In this case, make sure all your financial accounts use two-factor identification. This stops cybercriminals from getting control of your accounts. One surefire way to prevent that is to get a new second phone number/sim if you have a dual sim phone. That way, the SMS comes to your new, unhacked number.

Optus is temporarily stopping SIM Swaps and Replacements, as well as Change of Ownership via its online, phone and messaging support teams.

If your profile has enough information for ID Theft, your life could become hell. Loans can be taken out in your name, contacts executed etc. Fortunately, this process takes time, and you can make sure that all your accounts are secure. You should set up a new email address to associate with all your online accounts. Then, you know any use of the old one may be fraudulent.

CyberShack’s view – The OPTUS hack is part of the wild, wild, web

There is no point baying for the OPTUS CEO’s blood. The reality is that a team of possibly Nation-State-Sponsored hackers use AI-bots to probe the Telco (and every other company’s online database) for weaknesses.

OPTUS claims that it was the victim of a sophisticated cyber-attack (as they would). OPTUS vehemently rejects the unsubstantiated assertion that human error left the gate open, and hackers strolled in (as they would).

One thing is for sure. It is going to cost OPTUS a pretty penny to harden the database; to compensate any user for loss; and damage to its reputation. OPTUS will be working doubly hard to ensure its reputation remains intact.

CyberShack says that we need OPTUS to act as the only viable competitor to Telstra and to prevent a monopoly with Telstra/TPG.

While this incident is extremely unfortunate, there is no reason to jump ship. After all, Telstra could be hacked next.