I have: 2.5 million customer data for sale?

I have: 2.5 million customer data for sale?
It will not be a simple end of 2020 for Ho Mobile technicians: someone claims to have put up for sale on the Dark Web a database containing data belonging to about 2.5 million customers of the operator controlled by Vodafone. At the moment, telco has not received any confirmations, denials or reassurances in this regard.

Ho Mobile: stolen data, customer accounts at risk

The archive contains personal information such as to allow an attacker to trace the subjects; name, surname, social security number, date of birth, telephone number, email address, full residential address and ICCID code of the calling card. Sufficient details to launch a SIM swap attack with the aim of appropriating the user and subsequently reaching out to the victim, among other things, emptying it. The data would have been put up for sale on December 22, as reported by the Bank Security account on Twitter.



Curiously, just in the past few hours the official Facebook profile of Ho Mobile shared a post in which he invites customers to send a voice message to let off steam against the nefarious year that is about to end. A box that now risks being overwhelmed by requests for clarification regarding the leak.



The article will be updated as soon as further details or official statements from Ho Mobile or Vodafone are available.

Update (29/12/2020, 14.10): the denial comes from the company, there is no evidence of a violation.

With reference to some indiscretions published by the press, ho.mobile has no evidence of massive access to its IT systems that have jeopardized the customer base data. We have started investigations in collaboration with the investigating authorities for further investigation.

Source: Bank Security on Twitter