Unknown hackers leak data cache of 44 million Pakistani subscribers of Mobilink aka JAZZ mobile service
Unknown hackers have leaked a data cache consisting of 44 million Pakistanis who make up nearly 1/5th of Pakistan’s population. This massive data leak comes after another unknown hacker tried to sell a data cache containing details of 115 million Pakistani mobile user records last month for a price of $2.1 million in bitcoin. The 115 million users make up nearly half the Pakistan’s population.
The database now leaked by the hackers contains personally-identifiable information for 44,000,000 Pakistanis and includes the following:
- Customer full names
- Home addresses (city, region, street name)
- Pakistan’s National identification (CNIC) numbers
- Mobile phone numbers
- Landline numbers
- Dates of subscription
Security researchers have said that the data leak seems to be the result of a data breach that took place in 2017 as the oldest records in the data breach are dated as back as 2013.
Actor leaks Mobilink's (now @jazzpk) database – Pakistan's leading telecom service.
– Database contains information such as names, addresses, phone numbers, national IDs, and more on over 44,000,000 Pakistanis.
– Database apparently got hacked in 2017. pic.twitter.com/xjpg6EvpDE
— Under the Breach (@underthebreach) May 5, 2020
ZDNet obtained a copy of the dump containing 44 Million records which is part of a bigger 115 Million data dump. The majority of the information leaked by the hackers contained mobile phone numbers of subscribers of Jazz (formerly Mobilink), a top Pakistani mobile service provider. ZDNet report says that the data cache contains details of other mobile service operators also. This makes it impossible to conclude that the whole data cache came from the Mobilink data leak of 2017 and other data breaches should be expected.
This data breach trove could identify nearly half the population of Pakistan and expose them to serious online threats. The incident is already under investigation in Pakistan, by the Pakistan Telecommunication Authority (PTA) and the Federal Investigation Agency (FIA).
In separate news linked to Pakistan, an unknown hacker had put up a similar data dump reportedly containing 115 million Pakistani mobile user records on a Dark Web hacker forum. The hacker was asking over $2 million worth of bitcoin for the same. The dump was discovered by a Dubai-based cybersecurity firm Rewterz (@rewterz) that confirmed its authenticity and the Pakistan Telecommunication Authority (PTA).
Jazz has refused to comment so far on the data breach. A Jazz spokesperson did not reply to a request for comment from ZDNet. Jazz aka Mobilink had disputed that the 2017 data breach trove came from its servers.