"Too many eyes. We will not sale data to anyone. We cant if we even want to; personally deleted data from drive (Only copy)," the attacker wrote.
But security researcher Brett Callow pointed out that the 10,200 samples that had already been leaked were now being shared by another forum member.
Optus revealed the breach last Thursday. Since then, the company has been strongly criticised by the Federal Government and its version of events contested by the Home Affairs Minister Clare O'Neil.
It seems the #Optus hacker got cold feet. That said, one forum member seems to think there's more to the story. 1/2 pic.twitter.com/pG2RoxuSjB
— Brett Callow (@BrettCallow) September 27, 2022
"Sorry too 10,200 Australian whos data was leaked," the attacker wrote. One reason for the quick change of mind may have been because there were government email addresses in the dump carried out overnight.
|
"Deepest apology to Optus for this. Hope all goes well from this.
While the #Optus hacker has deleted his/her initial post and claims to have also deleted the only copy of the data, the 10,200 samples that had already been leaked are now be shared by another forum member. 1/2 pic.twitter.com/Pdxhl8Xz4o
— Brett Callow (@BrettCallow) September 27, 2022
"Optus if your reading we would have reported exploit if you had method to contact. No security mail, no bug bountys, no way too message.
"Ransom not payed but we don't care any more. We mistake to scrape publish data in first place."
The hackers have given up on trying to get a ransom out of Optus after waiting on hold for the past 3 hours
— The Shovel (@TheShovel) September 27, 2022
Callow, who works for New Zealand-headquartered Emsisoft, tweeted: "It seems the #Optus hacker got cold feet. That said, one forum member seems to think there's more to the story."
However, he added: "It should be noted that the fact the hacker claims to have deleted the stolen data doesn't mean s/he actually did. And, of course, this doesn't help the >10k customers whose data was released and potentially accessed by multiple 3rd parties."
There is, of course, no way to know how many times this data has been shared and reshared. Nor is there any way to know whether the rest of the data was shared prior to being deleted - assuming it was deleted, that is, which something we only have the hacker's word for.
— Brett Callow (@BrettCallow) September 27, 2022