According to the latest reports, Rewterz, a pioneer of specialized cybersecurity services in Pakistan, has come across a data dump containing information on 115 million Pakistani mobile phone users that is currently up for sale on the dark web. This is going to raise serious questions about data protection in Pakistan.
The cybercriminal, who is a VIP member of the dark web forum where the advertisement has been placed, has set the asking price for this data dump at 300 Bitcoins (BTC) or $2.1 million.
According to the advertisement description, the telecom database was hacked this week: "Database is freshly hacked this week. That data was still being updated as I took the data down. Beautifully organized in a CSV with headers for your pleasure."
Rewterz’s Threat Intelligence team has analyzed some of the samples from the telecom database up for sale on the notorious dark web. The data includes personal information of the users such as names, contact numbers, residential addresses, CNIC numbers, and NTN numbers.
The Threat Intelligence team has noted that financially motivated threat actors are active in Pakistan and organizations with outdated cybersecurity infrastructure have become an easy target of these actors.
The team further notes that it is unclear for now whether one or more telecom companies have fallen victim to the cybercriminals. Nor can it be said with certainty whether this data has been stolen as a result of a single breach or multiple breaches over time.
According to the given sample’s visible results, the latest data is from 2014 and none of the latest number schemes (0317, 0308 etc.) are mentioned. It is entirely possible that the data is old and the claim is false.
Moreover, Rewterz Threat Intelligence experts believe that the scale of this breach raises questions about the data security and privacy of telecom companies. This data could be the outcome of multiple breaches or a single breach; it is too early to say at the moment. It is also unclear whether a specific telecom operator or all telecom operators in Pakistan fell victim to this attack.
Nonetheless, if a breach had happened, it should have been disclosed for customers' knowledge. It is possible that these telecom companies failed to disclose the breach because they aren't aware of the hack or have intentionally opted not to reveal it. That is concerning for customers whose information has been published.
Recently, Zoom has been in the news because the video calling platform does not feature end-to-end encryption (E2E) despite marketing it everywhere. This allows Zoom to have access to the audio and video in a private video conference even though it claims not to.
Now, according to Sixgill, a cybersecurity firm that specializes in investigating the Dark Web, Zoom has become a target of scammers: a link posted on one of the Dark Web marketplaces contains login information of over 352 verified Zoom accounts.
It mainly contains information of private users, including names, email IDs, passwords, type of Zoom account, host keys, and meeting IDs. However, one account belongs to an unidentified US-based healthcare service, one is a small business, and seven accounts belong to educational institutions.
The accounts were listed for anyone to download, with the intent to troll and disrupt rather than profit. But given that many are using Zoom for business purposes, confidential information could be compromised. The company is yet to ensure the highest level of protection to safeguard personal data.