Database of 176 million Pakistani mobile phone users sold online

The database contains personal data including full names, physical addresses, and phone numbers.
Threat actor selling database of 176 million Pakistani telecom users

The database contains personal data including full names, physical addresses, and phone numbers.

A threat actor is selling a database allegedly containing the personal details of over 176 million Pakistani citizens. Apparently, the database is a compilation of data belonging to different telecom companies in the country and dumped altogether for sale.

Currently, some of the major telecom companies in Pakistan include Zong, Warid, Ufone, Telenor, and Jazz (Previously Mobilink & Warid).

According to sample data seen by Hackread.com, the information in the database includes:

  • City
  • Full name
  • Full address
  • Phone number
  • IMSI number
  • Activation date and status
  • Biometric Verification status
  • National ID card number (CNIC)
  • Name of the telecom company to which the connection belongs.

It is worth noting that the database was not stolen from any particular telecom company. It could be a result of illegal data scrapping technique or sold by government officials/insiders within the telecom sector as similar incidents were reported previously. 

Hi, I’m selling the database of telecom networks of Pakistan. It has details of more than 176 million subscribers. The data is updated in 2020. Interested people pm me to get the price, said the threat actor in their post.

Threat actor selling database of 176 million Pakistani telecom users
Screenshot of the post in which the hacker is offering data. (Image source: Hackread.com)

If the database is legitimate it poses massive security and privacy threat to Pakistani citizens. It can allow cybercriminals to carry out SMSishing, SIM Swapping attacks, and identity scams while State-backed actors can use the data for all sorts of malicious purposes.

The incident should not come as a surprise considering last year’s event when a threat actor leaked sensitive and personal data of 44 million Mobilink users on several underground and dark web hacker forums.

Additionally, a couple of weeks ago, Android spyware was found mimicking top government apps in Pakistan to spy on unsuspected users. However, there was no official response from the government once the issue was reported.

Nevertheless, the ongoing sale opens yet another pandora’s box questioning the security of the cyberinfrastructure of the Pakistani government and private institutions.

Hackread.com has informed relevant authorities however it is quite unlikely that there will be any response. Stay turned this article will be updated accordingly.

Did you enjoy reading this article? Don’t forget to like our page on Facebook and follow us on Twitter

Total
0
Shares
1 comment

Comments are closed.

Related Posts