Sensitive personal information of millions of users of five telecommunication companies operating in Pakistan has allegedly been breached by an international lone hacker and is up for sale.
The hacker is demanding Bitcoin, Tether, or Ethereum equivalent of $2,000 and is using a Telegram account for communication and negotiating the price of sale.
The hacker claims that he has access to the personal information of approximately 500 million records of subscribers of Jazz, Telenor, Ufone, Warid, and Zong.
Here is a breakdown of the number of records of these telecom companies which the hacker claims he has access to:
- Jazz (140.6 million)
- Telenor (250.6 million)
- Ufone (33.2 million)
- Warid (6.5 million)
- Zong (68.7 million)
The hacker claims that the records are updated till March 2020. One sample file for each telecom company has also been shared by the individual for scrutiny.
ProPakistani has analyzed the samples which show that the files are in Microsoft Access database formats with .accdb and .mdb extensions and contain information such as names, mobile numbers, CNIC numbers, and addresses of the subscribers.
Speaking exclusively with ProPakistani, Zaki Khalid, a Rawalpindi-based strategic analyst, said that “on the outset, data samples shared for scrutiny appear legitimate. However, claims of the hacker, of the data being latest as of March 2020, can only be verified by the concerned telecom companies.”
Zaki went on to add that “there are reasons to argue these latest ‘leaks’ might be repackaged files of major breaches that occurred a few years ago. These claims cannot find closure until a thorough inquiry is conducted by the state. Lawmakers in the parliament must demand an immediate inquiry report from these telecom companies.”
On the other hand, the spokespersons for these five telecom companies have categorically rejected the claims of the hacker, adding that their initial investigations have confirmed that no customer data breach has occurred.
The telcos added that they believe in data privacy and take matters related to cyber security extremely seriously, asserting that they have employed comprehensive cyber security systems and procedures to detect and fend off cyber threats and take necessary protective measures. Their paramount priority is to keep our customer data secure, the spokespersons added.
Unfortunately though, this isn’t the first time that telecom companies have suffered similar data breaches. Time and again in recent years, the personal information of millions of Pakistani mobile phone users has been leaked online.
ProPakistani had access to such files in the past as well. We have seen the leaked data personally and can confirm the availability of such data on the internet in the past.
Notwithstanding repeated data breaches of millions of citizens, the government has not yet taken any robust action to hold the telecom companies accountable for their failure to protect the information of their subscribers.
The Ministry of Information Technology and Telecommunication (MOITT) had drafted the Personal Data Protection Bill (PDPB) months ago. The bill was modeled on the same lines as the EU’s General Data Protection Regulation (GDPR). The PDPB contains provisions on data localization and a central data protection authority to secure the personal in order to secure the personal data of the citizens. However, the bill hasn’t been signed into law yet which shows the indifferent attitude of the lawmakers regarding the protection of the personal information of the citizens.
Really?
Ab kia hoga? 🥺
How to get that one sample file?
Telos take cyber security very serious wat a flipping joke.
How could an intruder get access to customer records of all telcos? Not possible unless the leaks emanated from PTA office(s). Telcos are supposed to submit customer records to PTA regularly. Thats where goldmine of data exists.
Only a matter of time that IMEI records shall also be up for sale.
It may be leaked from PTA.
Do you have evidence ?
Or its Blame ????
It might not be a hacking issue, it could have been sold out by our Fauji bhais playing second and more lucrative innings while ‘serving’ for NADRA, PTA, NTC and intel agencies.
Well I also have access to data that is updated till March 2020 which I bought for just 200 pkr
Bs phr ab tumhari khai nhi pro Pakistani and police department works together
WHY BE ANGRY AT A FOREIGN HACKER? Leave alone foreign hackers…..tell me, how do Pakistani commercial companies get my cell phone number and then bombard me with their ads? If not from our own telecoms then from whom? This is notwithstanding the innumerable other big and small ways that these Paki telecoms rob us of our money (most, if not all, of you, would have abundant evidence in this regard). IMO, the BIGGEST CRIMINALS are our own telecom companies who, for more and more money, don’t hesitate to sell our data/personal info to private businesses WITHOUT EVEN BOTHERING TO TAKE OUR CONSENT. And I wouldn’t at all be surprised if it is the telecom mafia that is behind the bill lying pending before the law-makers.
Ab hamari person information b save nhi
Hacker ny pehly usy bahr k adaron ko koi 1million me bech k then Pakistan sy b 2k me chuna lghana hy
Yeh koi Pakistani hi Hoga begerat ahr hacker hota 2000 mangta USD me hahaha
Take take pe bikrha he nadra ka data. 4000 pkr me cdr miljati he telecom companies ki. 10 hazard me nic plus name and other sim on nic ka pata chaljata he .
Worrying now because being told about it.
Already sold many years ago and is on sale at any given time.
Except for those nonexistent ones who do not receive irritating number of messages from irrelevant and relevant products.
Relax. . . . . We aren’t a target worth.
I need that data. I will buy it please help me connect the vendor.