Login
iscover
Share this article on:
Powered by
MOMENTUM
MEDIA
Powered by MOMENTUMMEDIA
Notorious hacking collective claims to have millions of lines of customer data but Aussie telco says all information was already public.
The same group responsible for a string of high-profile Salesforce-based attacks over recent months has listed Australian telco Telstra as a victim on its darknet leak site overnight.
Scattered LAPSUS$ Hunters shared what it says is a sample of customer data stolen from Telstra in an overnight leak post, claiming to have more than 19 million sets of personally identifiable information.
“We highly advise you proceed into the right decision, your organisation can prevent the release of this data, regain control over the situation and all operations remain stable as always,” a Scattered LAPSUS$ Hunters spokesperson said in an October 9 leak post.
“We highly recommend a decision-maker to get involved as we are presenting a clear and mutually beneficial opportunity to resolve this matter.”
The hackers also shared a sample file with several hundred sets of names, mobile numbers, and home addresses. No other data appears to be impacted.
However, Telstra has denied the hackers’ claims.
“We’re aware that a malicious actor has listed what it claims is Telstra data online and we have investigated,” a Telstra spokesperson told Cyber Daily.
“Based on our assessment, the data has been scraped from publicly available sources and does not originate from Telstra systems. No passwords, banking details or personal identification data such as driver’s licence or Medicare numbers are included.”
Cyber Daily’s own investigations suggest the data does in fact come from another source. Reverse Australia is a reverse phone number lookup service, and the data that Scattered LAPSUS$ Hunters claims to have stolen matches the address formats of that service exactly.
Since its leak site went live earlier this month, Scattered LAPSUS$ Hunters has posted the details of dozens of victims, mostly linked to a series of Salesforce instance compromises over the last few months, including UPS, Disney, FedEx, and Australia’s national carrier, Qantas. The group is claiming to have more than one billion records belonging to Salesforce customers, and is calling on the company to “resolve” the matter or face the consequences.
“Contact us to negociate [sic] this ransom or all your customers data will be leaked. If we come to a resolution all indiviual [sic] extortions against your customers will be withdrawn from. Nobody else will have to pay us, if you pay, Salesforce,” the hackers said.
“If Salesforce does not engage with us to resolve this, we will completely target each and every indiviual [sic] customers of theirs listed below, failure to comply will result in massive consequences. If you are listed below we advise you to take every action to protect yourselves and reach out to us to resolve this. Do not be mistaken that your SaaS provider will protect all of you, they won't. Don't be the next headline, make the correct decision and reach out.”
The hacking group also lists a smaller number of victims that are not linked to the Salesforce compromises, including Linux giant Red Hat, CIC Vietnam, and Telstra.
Scattered LAPSUS$ Hunters has set an October 13 deadline to publish the allegedly stolen Telstra data.
David Hollingworth has been writing about technology for over 20 years, and has worked for a range of print and online titles in his career. He is enjoying getting to grips with cyber security, especially when it lets him talk about Lego.
Be the first to hear the latest developments in the cyber industry.
