"Worsening Aussie Pwnageddon" - Optus, Medibank and more


2 min read

Even though I know that companies get hacked every day, I feel like Aussies are being targeted a lot at the moment. To use the words Troy Hunt used: "Worsening Aussie Pwnageddon" and I have to say that I personally have been in two of the recent three big Aussie data breaches.


We (as in most Aussies) were quite lucky with the Optus data, as no dataset has (yet) been published, except for the 10k lines in a CSV which was used as "proof that we got in". The hacker apologized after the backlash and the start of the investigation against him.

What we don't know is, how many other people dumped the data from the API and are not publicly known.

There are already plenty of stories about people being impacted by this.


On October 13th, Medibank informed its customers that there has been a "cyber incident" and that members will be kept up to date with the details.

As it turned out later, REvil or a REvil associated group bought credentials for Medibank on an "Access broker" Telegram channel for US$7000 (advertised price, the actual price might have changed).

From there they spend some time in the network, downloading all the data they could get their hands on.

The ransom was set at US$1 per member, US$9.7 million in total. To motivate Medibank to pay, REvil published specific datasets, such as "abortions.csv", "Boozy.csv", "HIV.csv", "STD.csv" and "Psycho.csv". As the file names suggest, they are all files with sensitive topics.
Medibank did not pay and REvil published all the data via their TOR website.

They call the "project" completed now.

Screenshot from the REvil blog


On October 27th, MedLab said that they had a data breach in February 2022 affecting around 223000 people in NSW and QLD.

The statement said that they got informed in February, and "immediately coordinated a forensic investigation led by independent external cyber experts" but they did not find any evidence of a compromise.
In June the Australian Cyber Security Center informed MedLab that some MedLab data is circulating on the dark web.
According to MedLab, the investigation of the cyber experts has taken until October, to confirm the breach.

Screenshot from the Quantum Blog