Medibank Hackers Just Leaked Your Data
Russia-backed cybercriminal organisation REvil has proven it wasn’t bluffing when it threatened yesterday to release sensitive Medibank customer information onto the dark web.
Starting at midnight, REvil began posting the data from close to 10 million Australian Medibank customers on a blog on the dark web, accessible through a ‘Tor’ browser.
Like an evil Santa, the hackers have been posting the Medibank data under a “good-list” and “naughty-list” on the REvil blog. Rather than one big data dump, they appear to be doling it out slowly.
“Looking back that data is not very understandable format (table dumps) we’ll take some time to sort it out and we posting a small part of the data, in ‘human readable format (sample in json)’ also we post all raw data. We’ll continuing posting data partially, need some time to do it pretty,” the hacker’s post said.
“We’ll continue posting data partially, including confluence, source codes, list of stuff and some files obtained from medi filesystem from different hosts.”
You may remember REvil from last year’s JBS Foods hack, which briefly sent the food industry in Australia and the US into chaos.
While it wasn’t apparent earlier that they were behind the hack, it seems a certainty now, given the location of the data leak.
REvil gave Medibank 24 hours from Tuesday midnight to pay a ransom or it would leak the data. Medibank publicly declared it would not do so, echoing advice from the AFP.
“We knew the publication of data online by the criminal could be a possibility but the criminal’s threat is still a distressing development for our customers,” Medibank CEO David Koczkar said yesterday, before the data was leaked.
“Customers should remain vigilant. We unreservedly apologise to our customers. We take seriously our responsibility to safeguard our customers and support them.
“The weaponisation of their private information is malicious, and it is an attack on the most vulnerable members of our community.”