Optus issues data scam alert to customers

These customers will be notified by Saturday, while those who aren't affected will be last on the list to be contacted.

Optus also warned its text messages or emails to customers won't carry internet links, so if anyone sees a link they could be being set up for a scam.

"Please do not click on any links," Optus said in a statement on Saturday.

The Australian Federal Police is also looking into reports that stolen customer data and identification numbers could be for sale through a number of forums, including the dark web.

"The AFP is using specialist capability to monitor the dark web and other technologies, and will not hesitate to take action against those who are breaking the law," a spokesperson said.

Anyone who buys stolen credentials faces up to 10 years in prison.

Optus also warned its announcement of the cyber attack on Thursday could trigger a rush of scams by criminals, including phishing calls, emails and text messages.

"As the cyber attack is now under investigation by the Australian Federal Police, Optus cannot comment on certain aspects of the incident," it said.

"Given the investigation, Optus will not comment on the legitimacy of customer data claimed to be held by third parties and urges all customers to exercise caution in their online transactions and dealings."

No passwords or financial details were compromised in the attack, which Optus vice president Andrew Sheridan described on Friday as "very sophisticated".

Some 9.8 million customers were impacted but human error was not to blame for the breach, he said.

Optus, which began contacting millions of customers on Friday, has apologised for the breach.

The telco said getting information out through news channels was the "quickest and most effective way" to alert customers and communicate the severity of the situation.