Details of Pakistani mobile subscribers have surfaced online after a hacker tried to sell the package for 300 bitcoins, equivalent to $2.1 million. The data leak exposed personally identifiable information (PII) for 115 million subscribers. The exposure took place in two subsequent breaches that exposed the details of 44 million and 55 million subscribers, respectively. None of the affected mobile service providers has acknowledged any data breach on their servers. There is an ongoing investigation by cybersecurity services in Pakistan to establish the source of the leak.
Details of mobile subscribers exposed in the data breach
The data leak exposed personally identifiable information for mobile subscribers. The exposed data included subscribers’ full names, home addresses (including city, region, and street names), mobile phone numbers, national identification (CNIC) numbers, landline numbers, and dates of subscription. The data leak affected both individual and company mobile subscribers.
Although the exposure of personally identifiable information might not lead to direct losses for the affected users, it can expose them to phishing scams and possible SIM swap attacks. The data could also be misused by political actors and telemarketers to influence the mobile subscribers’ decisions.
Ilia Kolochenko, the Founder & CEO of web security company ImmuniWeb, says there are various avenues for the misuse of personally identifiable information by rogue entities.
“The database may be valuable for spammers and unethical advertising agencies. If proven to be reliable and authentic, unscrupulous businesses may leverage the data as rocket fuel to promote their products across the nation. While some political parties may well use data to promulgate their electoral campaigns or discredit their rivals in a smart manner.”
Kolochenko says cybercriminals could also use the data to obtain more information about the affected mobile subscribers.
“As for professional cybercriminals, they will unlikely have a major interest in the database given that many leaked details about the victims can be crawled on Facebook or obtained from previous data breaches.”
He adds that the data could also be used to launch more sophisticated and targeted attacks against people of interest. The best option for the affected mobile subscribers would be to change their telephone numbers, according to Kolochenko.
“Nonetheless, cyber mercenaries may aptly exploit the data to identify mobile numbers of journalists and politically exposed persons (PEP) to launch targeted and highly sophisticated attacks on their mobile devices. Thus, victims who believe that they may be at risk should urgently consider changing their numbers.”
The nature of the data leak
Analysis of the file revealed the last entry was made in 2013. This implies the threat actors possibly accessed the personal data from an old backup file, or the data leak took place long ago and has only recently been discovered. Under the Breach, an Israel-based security firm, claims the data leak took place in 2017.
The majority of the mobile subscribers exposed in the data leak came from a mobile operator called Jazz, formerly Mobilink. However, mobile subscribers’ data from other operators is also present. Jazz had previously denied that the data leak took place on its servers. None of the other providers has taken responsibility for the leak. Mobile operators could either be unaware of the breach or have decided to withhold information regarding the release of their mobile subscribers’ information.
It is unclear whether the origin of the data leak was the Jazz servers, or if the company released the data. A breach at a government agency or a telemarketing firm could also be the source of the leak.
The mysterious nature of the data leak has prompted an investigation by the Pakistan Telecommunication Authority (PTA) and the Federal Investigation Agency (FIA). The PTA Chairman, Major General (r) Amir Azeem Bajwa, said the agency is still verifying the authenticity of the data.
“It is still a claim that data of 115 million Pakistani users has been breached, but we are trying to verify the authenticity of the claim by someone on the dark web.”
Currently, no mobile operator has given any directives to the affected users.