In chats with security writer Jeremy Kirk, a person claiming to be the Optus hacker seems to have validated this narrative of the data loss. The data was downloaded, according to the parameters provided to Kirk by the alleged hacker, by accessing the API sequentially for each value of a unique identification field designated “contactid” and capturing each user’s information one by one until the dataset of millions of entries was compiled.
