Personal Information of 115 Million Pakistani Mobile Users Up For Sale on the Dark Web

A Pakistani cybersecurity company has come across a data dump containing information of 115 million Pakistani mobile phone users currently up for sale on the dark web.

The cybercriminal, who is a VIP member of the dark web forum where the advertisement has been placed, has set the asking price for this data dump at 300 Bitcoins (BTC) or $2.1 million.

According to the advertisement description, the telecom database was hacked this week.

Database is freshly hacked this week. That data was still being updated as I took the data down. Beautifully organized in a CSV with headers for your pleasure.

Rewterz’s Threat Intelligence team has analyzed some of the samples from the telecom database up for sale on the notorious dark web. The data includes personal information of the users such as names, contact numbers, residential addresses, CNIC numbers, and NTN numbers.

The Threat Intelligence team has noted that financially motivated threat actors are active in Pakistan and organizations with outdated cybersecurity infrastructure have become an easy target of these actors.

The team further notes that it is unclear for now whether only single or more telecom companies have fallen victim to the cybercriminals. It cannot be said with certainty as well whether this data has been stolen as a result of a single breach or multiple breaches over time.

According to the given sample’s visible results, the latest data is from 2014 and none of the latest number schemes (0317, 0308 etc.) are mentioned. It is entirely possible that the data is old and the claim is false.

That said, none of the telecom operators have notified their customers that their data has been compromised. It could be because either the companies are unaware of the breach, the data is actually old or they have deliberately chosen to keep their customers in the dark.

If the data leak is new it will rais serious questions on the protocols telecom companies are following regarding data security and privacy.

Via: Rewterz Information Security

    • You don’t wanna get your data hacked too, there are special way to access dark web.

  • It seems data is downloaded from some client app that provide export service like csv or excel, may be done by some employees of company or their partner/ franchisers who have access to data in chunks, it takes much time although, as they (employees/person) don’t know the consequence and do it for a small amount, poor people , also there is no penalty for such persons.

    • Neither employee nor franchise have excess to this level . This is a hack . No one is so fool these days .

  • Dear Mr. Haroon Hayder,
    I thought you guys are sharing the correct information but shameful act by ProPakistani because this data is 2014 as visible in the picture. I believe you guys will recheck the information. One more thing Rewterz Technologies is near to crack one biggest deal in one of Pakistan’s largest telco that’s why these guys share the old information on their websites.

  • It is marketing stunt by the Rewterz and Faiz ahmad shuja CEO of the company. He must be penalized on this fake news for his own benefits. Govt. of Pakistan must take action against him.

  • The hackers must be having backup of top officials current, retired or are in exile. Animals are sacred than these criminals.

  • Lol… Yeh kon sa naya kam hua yahan Nadra ka data bachay groups main sale karty nazar aye Pakistani telecom companies to phir bad ki bad ki bat hai..
    Yahan mangibaz jaisay log 4 article rank kar k khud ko 30 maar khan samjhnay lag jatay or government unhain apna wLid E mohtaram bana leti. ??

  • Hi, it seems like the database was either fake or way older and now the topic has been deleted by the guy who posted it. You should update your article. Thanks.

  • Still News on their website, atlest Govt. needs to take action against Rewterz who had created and posted the fake news for their own interest only.

  • Mr. Haroon Hayder your initiative is encouraging pointer. But it needs an to be pointed for conclusion. In order to support you have to be sincere to the ethics.

  • close