[ad_1]
A hacker attack managed to steal personal data and simulation of Ho Mobile customers. This was announced today, in an official note, by the same mobile phone operator from the Vodafone group. News of the theft emerged last week, to which Ho Mobile had replied that it was investigating and that there was currently no evidence. Today the confirmation, from which other details of what happened, although many aspects remain to be clarified such as the number of users involved and how the hackers managed to enter the operator’s systems.
Ho Mobile announces that only “part” of the clientele was affected. From the checks, “still ongoing, it appears that some data from the customer base was illegally stolen with reference only to the personal and technical data of the sim,” the note reads. With this data, it is confirmed that the risk for users would be sim swap, a hacking that is growing strongly in Italy, as also recently detected by the Communications Authority. With this data, criminals can theoretically obtain a simulation on behalf of the victim by contacting one of the operator’s distributors. With the new sim they can steal passwords that arrive via sms and then enter, for example, a bank account, authorize credit card payments or even take control of a digital account.
I have Mobile, just like a Republic, has activated multiple security controls to know the identity of the users and the effective ownership of the sim in the event of a request to change it. The other positive data is that “no data related to traffic (text messages, phone calls, web activities, etc.), nor bank details or data related to any payment system of its customers have been removed in any way”. Therefore, Vodafone has blocked the intrusion, preventing it from causing further damage, and has activated security systems to prevent it from happening again. The operator announces that it has already filed a complaint with the investigating authority and informed the Privacy Guarantor, “with whom it is working in close contact.”
What should Ho Mobile users do?
The operator is contacting the users involved. In any case, now all customers can get a free replacement of their sim, but for security reasons they must do so in person at one of the authorized stores.
The data has been for sale on the dark web since December 22, so criminals may have already managed to make some sim substitutions in the meantime, even if there aren’t currently any.
Experts, against the risk of sim sharing, generally advise not to activate password sending systems via sms (better through the application, even if many services do not support this alternative). “Anyone who has a Ho Mobile number associated with a service (banking or digital, such as WhatsApp) would do well to replace it with another number,” advises Paolo dal Checco, an expert in computer forensics.
The attack on Ho Mobile must be contextualized in a scenario of strong growth of hacker attacks, during the pandemic, as also stated in a government year-end report. Large companies, such as Campari, and critical infrastructures such as the European Medicines Agency were involved (criminals were looking for confidential information about covid vaccines; for the same purpose, the attack on the IRBM in Pomezia that produces them).
