A threat intelligence analyst discovered a threat actor selling a database of the Italian mobile service provider Ho mobile.
Threat intelligence analyst @Bank_Security first spotted, on a popular hacking forum, a threat actor selling a database allegedly belonging to the Italian mobile service provider Ho mobile.
Ho mobile is an Italian mobile telephone service offered by Vodafone Enabler Italia, an Italian virtual mobile telephone operator.
Threat intelligence analyst Bank_Security specializes in cybercrime and fraud. He discovered the ad during ordinary monitoring activity and decided to warn users because SIM swapping is a hot topic in underground communities in Italy.
The dump allegedly includes 2,500,000 customers’ records and other data that can be exploited by hackers for SIM swapping attacks.
He told me that he wants to avoid possible bank fraud via SIM swap, phishing, or vishing attempts.
At the time of writing, the threat actor has shared a sample of 10 Ho Mobile customers. The entire database is available for sale, but the threat actor has not set a price and expects an offer from a potential buyer.
Below is the list of fields for the records in the exposed sample:
birthDate: xxxx-xx-xx
email: email@example.com
emailVerified:
address: xxx xxxxxxx
addressId: xxxxx
addressType: x
city: xxxxxx
country: Italia
deleteFlag:
province: xx
streetNum: x
zipCode: xxxxx
address:
addressId: xxxxx
addressType: x
city: Genova
country: Italia
deleteFlag:
province: GE
streetNum:
zipCode:
address: xxx xxxxxx
addressId: xxxxx
addressType: x
city: xxxxxx
country: Italia
deleteFlag:
province: xx
streetNum: x
zipCode: xxxxx
endUserCommercialAssent:
endUserContractNumber:
endUserGpsAssent:
endUserHabitsAssent:
fiscalCode: xxxxxxxxxxxxxxxx
gender: M
hasPaid:
name: xxxxxxx
nationality: Italia
surname: xxxxxx
age: xx
customerId: xxxxx
customerIdHash: xxxxxxxxxxxxxxxxxxxxxxxxxx
customerStatus: ACTIVE
hasAccount: x
isMissingData:
piva:
phoneNumber: xxxxxxxxxx
phoneNumberContractNumber:
masterDealerId:
masterDealerName:
pdvAddress:
pdvCity:
pdvId:
pdvName:
pdvPiva:
pdvProvince:
pdvStreetNumber:
pdvZipCode:
phoneNumberCommercialAssent: x
phoneNumberGpsAssent: x
phoneNumberHabitsAssent: x
phoneNumberHash: xxxxxxxxxxxxxxxxxxxxxxxxxx
phoneNumberReasonId: x
phoneNumberStatus: ACTIVE
phoneNumberThirdPartiesAssent:
roleEndUser: B
simActivationDate: xxxx-xx-xx
simCapacity: 128K
simExpirationDate: xxxx-xx-xxT00:00:00.000+02:00
simHlr: xxxxxxx
simIccid: xxxxxxxxxxxxxxxxxxx
simImsi: xxxxxxxxxxxxxxx
simPuk: xxxxxxxx
simReasonId:
simStatus: Attivo
In the forum thread, the actor said he already dumped the customers’ data and claims that “only the phone number and ICCID are needed to sim swap, so it will work unless operator send new SIM cards to all 2.5 million customers.”
At the time of this writing it was not possible to verify the authenticity of the data; we have to wait for an official statement from Ho Mobile.
“Privacy is a very hot topic nowadays. Unfortunately there are data breaches every day but when this data can be used to commit banking fraud via sim swapping, phishing or vishing to steal money from victims, this becomes an even bigger problem.” Bank Security told me. “Companies must invest more in cyber security because unfortunately it is only a matter of time before their data is sold, as in this case, on the various forums by cyber criminals.”
Stay Tuned ….
[Source: SecurityAffairs / 12.28.]