115 Million Pakistani User Data Leaked on Dark Web: Details & Analysis
The dark web, a notorious hub for illegal activities ranging from illicit content to data dumps, has become the center of attention due to a significant data breach. Recently, the personal data of approximately 115 million Pakistani mobile users was leaked, exposing personally identifiable information (PII) records. This breach was discovered in April 2020 by Rewterz, a Pakistani cybersecurity firm, which found the data dump on an undisclosed dark web site. The cyberattacker aimed to sell the 115 million Pakistani user records with a starting bid of 300 bitcoins (around 1.2 million US dollars). The advertisement highlighted the clean and organized CSV format of the data.

Who is Responsible for the Breach?

Despite extensive investigation, the hacker’s identity remains unknown. It’s evident that this wasn’t their first breach, as they displayed a professional approach in the public broadcast. The threat actors even held a premium account on the hacker forum where the data was advertised. Cybersecurity experts suspect that the breach wasn’t confined to one telecom company but was the result of multi-organizational cyberattacks over a prolonged period. Most entries were from Jazz mobile network (formerly Mobilink).

Contents of the Data Dump

According to the cyberattacker’s ad and a ZDNet report, the data dump included information about individual citizens and local companies. The data was verified through digital records and personal calls, classified into:

The CSV format columns included:

Concerns and Impact

A significant portion of Pakistan’s population is affected by this breach, with potential misuse of the leaked data. The Federal Investigation Agency (FIA) and Pakistan Telecommunication Authority (PTA) launched an investigation immediately. However, even after a month, no significant progress or recoveries have been reported.

Cyber-researchers’ deep analysis revealed that the telephone-subscription dates in the records go back to 2013, indicating that the attackers might have been sitting on this data for years. This raises concerns about the extent to which the data might have been exploited. Jazz Mobile Company has been under scrutiny, but without concrete evidence, it’s unclear who exactly is to blame—the mobile operators, telemarketing firms, or government organizations themselves.

Accountability

The question remains: who is responsible for this massive data breach? Should the blame fall on the hackers or on the companies that failed to secure their servers? This breach underscores the urgent need for improved cybersecurity measures and strict regulations to protect personal data.