1. Home
  2. >>
  3. mobile
  4. >>
  5. I have mobile, is the data of all users for sale on the dark web?

I have mobile, is the data of all users for sale on the dark web?

I have mobile, is the data of all users for sale on the dark web?

This morning is definitely news worrying: data for all two and a half million ho mobile users would have been stolen and put up for sale on the dark web.

The news was first published on the Twitter account of Bank Security (generally reliable source when it comes to cyber security) yesterday evening.

A Threat Actor is selling a Database of the Italian mobile service provider ho. (https://t.co/N5IYO88bja) owned by @VodafoneIT 🇮🇹.

The dump allegedly includes 2,500,000 customers’ PII Data, Phone Numbers & ICCID that can be exploited for SIM swap attacks to empty Bank accounts. pic.twitter.com/yR193Mt3CS

– Bank Security (@Bank_Security) December 28, 2020

Someone, therefore, would have managed to steal a series of sensitive data from the ho mobile databases, and then make them available to any attacker in exchange for only $ 500.

Here an example of the stolen data:
– email
– fiscal Code
– phone Number
– sim Iccid
– address
– city

Here the full list: https: //t.co/RrlTMITLpc pic.twitter.com/4byhYnNT4n

– Bank Security (@Bank_Security) December 28, 2020

The personal informations that appear to have been stolen do not include passwords or credit card numbers, while there are addresses, telephone numbers, social security number, email address and the ICCID of the SIM cards. The latter, the Integrated Circuit Card-Identity, is a unique code used for the portability of our phone number on a new SIM. Knowing it, it would be possible to transfer a user’s phone number to a new card and use it to access all those services that require two-factor authentication.

The situation is currently very confusing: some sources like D-day claim that the data offered for sale really belong to ho mobile users, while the operator, in a note sent to Courierdenied any unauthorized access to its database took place.

We therefore just have to wait for further developments, on which, of course, we will keep you updated.