I have the alleged personal data of 2.5 million customers for sale for $ 500. No confirmation that they are real

To update: the data would be for sale for only $ 500 and although multiple sources have confirmed that it would be real data, we are trying to verify it ourselves. At the moment there is no confirmation from Vodafone

The data of all customers of Ho Mobile, Vodafone’s virtual operator, would be for sale on Darkweb. The news was delivered yesterday after dinner by BankSecurity on Twitter, an absolutely trustworthy site that reports the presence of sensitive material online after careful verification.

The data would have been stolen taking advantage of a vulnerability in the web or application platform, and even if there is no confirmation from Vodafone at the moment, the feeling is that, unfortunately, everything is true. We contacted Bank Security, which has a sample of this data made up of 10 users, and although it did not want to give us that sample for verification because it is sensitive data helped us in some cross checks and the data looks real.

Two clarifications. There are no passwords of any kind and no credit card details.: in the database there are only personal data such as name, surname, address, telephone number, email address and customer code in addition to the data of the SIM in possession including the ICCID, Integrated Circuit Card-Identity.

The reason why this data is for sale and has value is precisely for the presence of the ICCID, the unique secret code of a SIM that allows the portability of the number, combined with the email address.

Whoever comes into possession of this data could carry the number of a particular person in a new SIM using them to access services that use two-factor authentication. These services often send confirmation codes directly to your personal phone number, and an attacker could use them to change passwords for confidential accounts and then access them. Google or Amazon, for example, allow you to change your password with verification on your smartphone.

Obviously we ask Vodafone for confirmation and we are waiting for a response. Needless to say, such an event would be of unprecedented severity, and the only way to remedy it would be Immediately replace SIM cards for 2.5 million customers by suspending portability until they have been replaced.. We will follow this closely.