Personal data of 44 million Pakistani cellular users has leaked online. Last month, a Pakistani cybersecurity organization claimed that it had located a data selling at the dark web which contained personal information of a hundred and fifteen million Pakistani mobile users. The leaked data was selling for 300 Bitcoins (BTC) or $2.1 million.
CEO of ImmuniWeb Ilia Kolochenko said “The database may be valuable for spammers and unethical advertising agencies. If proven to be reliable and authentic, unscrupulous businesses may leverage the data as rocket fuel to promote their products across the nation,” added “While some political parties may well use data to promulgate their electoral campaigns or discredit their rivals in a smart manner.”
Professional cyber criminals might not find the database lucrative “given that many leaked details about the victims can be crawled on Facebook or obtained from previous data breaches,” said Kolochenko. “Nonetheless, cyber mercenaries may aptly exploit the data to identify mobile numbers of journalists and politically exposed persons (PEP) to launch targeted and highly sophisticated attacks on their mobile devices.”
Federal Investigation Agency (FIA), Pakistan Telecommunication Authority (PTA), and NADRA are investigating the records selling on dark web at the orders of the Senate Standing Committee on Interior. The new leaked data for sell contains more information then previous month dumped data of one hundred fifteen million Pakistanis.
The latest leaked data shows that it carries both personal and telephone related secret information of all the telecom operator customers.
It includes information such as:
- Mobile phone numbers
- CNIC numbers
- Residential addresses
- Landline numbers
- Dates of subscription
Another fact about this dump data that it is of 2013 which means either the old backup file are hacked or the data is old but leaked recently.
telecom administrators should freely tell their clients that their information has been leaked. Inability to do so means that either the telecom companies are uninformed about the breach or they have purposely decided to keep their clients in obscurity. This breach once again raised serious questions on the data security of telecom organizations.