What sounds like a nightmare for a company? Waking up to the news that the data of their customers is being sold online. That’s exactly what has happened to Ho-Mobile, an Italian phone service provider owned by Vodafone Italy.
Apparently, the personal data of over 2.5 million Ho-Mobile’s customers is being sold on a dark web hacker forum. The data includes personally identifiable information such as date of births, phone numbers, fiscal codes physical addresses, and email addresses.
Screenshot of the database being sold online (Image: Twitter – Bank Security)
As seen by Bank Security, the researcher believes that this information, particularly the Integrated Circuit Card-Identity (ICCID) codes can also be exploited to conduct sim swapping (SIM hijacking or SIM hacking) attacks which can be used for nefarious purposes including financial theft.
See:
For example, by gaining access to a victim’s sim, the attackers could reset a banking app’s password and then access the verification code sent to the sim. With this, the password will be easily changed allowing the attacker to make transactions as they see fit.
Last year, there were several reported cases in which cyber criminals used sim swapping technique to steal millions in crypto from their victims. SIM swapping attacks are so common these days that Europol had to carry out an operation to nab SIM ..
Support the originator by clicking the read the rest link below.
