A Pakistani cybersecurity company has come across a data dump containing information of 115 million Pakistani mobile phone users currently up for sale on the dark web.
The cybercriminal, who is a VIP member of the dark web forum where the advertisement has been placed, has set the asking price for this data dump at 300 Bitcoins (BTC) or $2.1 million.
According to the advertisement description, the telecom database was hacked this week.
Rewterz’s Threat Intelligence team has analyzed some of the samples from the telecom database up for sale on the notorious dark web. The data includes personal information of the users such as names, contact numbers, residential addresses, CNIC numbers, and NTN numbers.
The Threat Intelligence team has noted that financially motivated threat actors are active in Pakistan and organizations with outdated cybersecurity infrastructure have become an easy target of these actors.
The team further notes that it is unclear for now whether only single or more telecom companies have fallen victim to cybercriminals. It cannot be said with certainty as well whether this data has been stolen as a result of a single breach or multiple breaches over time.
According to the given sample’s visible results, the latest data is from 2014 and none of the latest number schemes (0317, 0308 etc) are mentioned. It is entirely possible that the data is old and the claim is false.
As yet, none of the telecom operators have notified their customers that their data has been compromised.