The database contains personal data including full names, physical addresses, and phone numbers.
A threat actor is selling a database allegedly containing the personal details of over 176 million Pakistani citizens. Apparently, the database is a compilation of data belonging to different telecom companies in the country and dumped altogether for sale.
Currently, some of the major telecom companies in Pakistan include Zong, Warid, Ufone, Telenor, and Jazz (Previously Mobilink & Warid).
According to sample data seen by Hackread.com, the information in the database includes:
- Full name
- Full address
- Phone number
- IMSI number
- Activation date and status
- Biometric Verification status
- National ID card number (CNIC)
- Name of the telecom company to which the connection belongs.
It is worth noting that the database was not stolen from any particular telecom company. It could be a result of illegal data scrapping technique or sold by government officials/insiders within the telecom sector as similar incidents were reported previously.
Hi, I’m selling the database of telecom networks of Pakistan. It has details of more than 176 million subscribers. The data is updated in 2020. Interested people pm me to get the price, said the threat actor in their post.
If the database is legitimate it poses massive security and privacy threat to Pakistani citizens. It can allow cybercriminals to carry out SMSishing, SIM Swapping attacks, and identity scams while State-backed actors can use the data for all sorts of malicious purposes.
The incident should not come as a surprise considering last year’s event when a threat actor leaked sensitive and personal data of 44 million Mobilink users on several underground and dark web hacker forums.
Additionally, a couple of weeks ago, Android spyware was found mimicking top government apps in Pakistan to spy on unsuspected users. However, there was no official response from the government once the issue was reported.
Not sure if anyone in #Pakistan will care about this but 4 trojanized apps disguised as popular Pakistani apps are spying on users including:
Pakistan Citizen Portal
Registered SIMs Checker
Pakistan Salat Time
Mobile Packages Pakistan TPL insurance. pic.twitter.com/6h7u2t3EBG
— Waqas (@WAK4S) January 12, 2021
Nevertheless, the ongoing sale opens yet another pandora’s box questioning the security of the cyberinfrastructure of the Pakistani government and private institutions.
Hackread.com has informed relevant authorities however it is quite unlikely that there will be any response. Stay turned this article will be updated accordingly.