Data of 2.5 million users may be at risk




The telephone operator Ho Mobile, owned by the British group Vodafone, may have suffered a hacker attack that compromised the personal information of as many as 2.5 million users. The news has not yet been confirmed by the company, but it was reported on Twitter by Bank Security, a cybersecurity site generally considered very reliable, which explains the scope of an attack that, if confirmed, would be very serious.

Data at risk

According to the site, the operator's servers were breached and the attackers obtained a database of the group's clients. The stolen data was then reportedly put up for sale on the dark web, where it was found by the Bank Security managers, who then raised the alarm. According to the site, the database contains confidential and complete information on the users in it. On the one hand, no credit card information was leaked; on the other hand, the database seems to contain names, surnames, social security numbers, telephone numbers, residential addresses and, above all, the Integrated Circuit Card Identifiers, or ICCIDs, of the SIMs issued to customers.

The dangers

With this last piece of data, the number can be transferred to another operator; that is, the victim's phone number can be used from another SIM, cutting off the original owner. This poses a serious security problem for all the services and websites that use the telephone number to verify a user's identity: from WhatsApp to the cloud services of Google, Apple and Microsoft, through credit cards, home banking and even SPID. Those able to follow this authentication chain could quickly carry out actual identity theft or, worse, steal even more sensitive data than what Bank Security claims was stolen.

Doing so is not straightforward: possessing a SIM tied to a phone number is not enough to gain access to all the digital services linked to that number; for that, an attacker also needs the user names and their PINs or passwords. However, the data dramatically increases the probability that attacks of this type succeed, especially if it is combined with the trove of other information that, according to Bank Security, has been stolen.

Ho Mobile’s answer

A few hours after the publication of the news by Bank Security, Ho Mobile published a note in which it claims to have “no evidence of massive access to its computer systems that have compromised customer base data.” If there was a data theft, it was done without leaving visible traces to the group’s technicians. Ho Mobile then “initiated investigations for future investigations in collaboration with the investigating authorities.”

If the Bank Security story is confirmed, the group would be obliged under the GDPR to inform the affected users. However, to keep them safe from potential attacks targeting individuals, the only solution could be to replace their SIMs, in the meantime blocking ICCID-linked portability operations that would compromise the two-factor authentication systems linked to those numbers.


