Vodafone Group’s low-cost operator ho. Mobile disclosed that hackers stole part of its customer database, exposing personal user information and SIM technical data.
The stolen database, which has been up for sale on dark web forums since December 22, has been partially verified and includes the details needed to perform SIM-swap attacks.
News that the database was available on a hacker forum emerged on December 28, but the Italian mobile service provider said in an initial statement that it had no evidence of illegal access to its systems.
However, on Monday the company confirmed the massive breach, saying that personal data and SIM-related information of 2.5 million subscribers had been stolen.
The hackers got customer details such as name, surname, phone number, email, date and place of birth, nationality, and address. They also got the SIM Integrated Circuit Card Identification Number (ICCID) – a unique number providing the card’s country, home network, and identification.
Using these details, it is possible for threat actors to conduct SIM-swapping attacks in which they can assign a victim’s phone number to a SIM card in their possession and thus receive the target’s calls and text messages.
At least one actor may have purchased the database, while many others showed interest.
A user commented on the hacker forum that the seller asked for $50,000 for the entire database. The seller could also break it into smaller sets and sell those if it did not sell in bulk.
Now the mobile operator is trying to minimize the impact of the breach on customers and is offering them a new SIM card free of charge.
The company has started alerting affected customers via text and has also notified them that phone calls, SMS, web traffic, and payment data have not been affected by the breach.