Security researcher Brett Callow of New Zealand-based Emsisoft posted the information in a tweet.
The threat by the attacker comes a day after Home Affairs Minister Clare O'Neil sharply criticised Optus for its inability to stop what she described as "a basic hack".
The #Optus hacker has released 10k records, and claims that another 10k will be released each day for the next 4 days. 1/2 pic.twitter.com/Nm07oQhMZl
— Brett Callow (@BrettCallow) September 26, 2022
The attacker has demanded a million dollars in the Monero cryptocurrency to delete the data.
|
"And as that pinkie promise would be coming from an untrustworthy bad-faith actor, it’d carry zero weight.
"The company could find itself being extorted for a second time or the data could be released online anyway. Botton line: it’d make zero sense for Optus to pay."
Laura Tingle: “You don’t seem to be buying this line from Optus that this was a sophisticated attack”
— Jack Foster (@jacklfoster) September 26, 2022
Clare O’Neil: “Well it wasn’t. So, no.”#Optus #abc730
O'Neil was also critical of Optus' response to the breach, saying it was inadequate. She said about the data of about three million customers had been stolen.
Optus on Monday afternoon offered the most affected customers a a 12-month subscription to Equifax Protect, a credit monitoring and identity protection service.
But this offer came only after O'Neil had raised the issue in Parliament. Law firm Slater and Gordon has said it is looking at the possibility of mounting a class action on behalf of those whose data was stolen.
Identity fraud may not be the only thing Optus customers have to worry about. 2/2 pic.twitter.com/4ysGpMHq7G
— Brett Callow (@BrettCallow) September 26, 2022
The minister told the ABC's 7.30 program that under existing laws she could only fine Optus a maximum of $2 million and that there was a need for bigger penalties to come into force.
O'Neil dismissed Optus' claims of the attack being "sophisticated", saying of the claim: "“Well, it wasn’t. So, no.”
She added: "We should not have a telecommunications provider in this country that has effectively left the window open for data of this nature to be stolen.”
Optus has been struggling with the messaging around their recent data leak, so we thought we'd help them out pic.twitter.com/em2DbkmZZ7
— The Chaser (@chaser) September 26, 2022