A database containing the information of all Ho Mobile users is reportedly for sale on the Dark Web. Here is what we know about it and what users risk if it is true.
The alleged "data breach" affecting the mobile virtual network operator Ho Mobile, Vodafone Italia's low-cost brand, is causing much discussion after being reported on Twitter by the account @Bank_Security. According to that report, a database containing the sensitive data of 2.5 million Ho Mobile customers, in practice all of them, is for sale on the Dark Web.
The facts are not at all easy to analyze, for several reasons. First, it is hard to assess the reliability of the source: @Bank_Security has a great many followers on Twitter and a tweet history going back to 2013, but does not identify itself in any way, either on Twitter or on Medium, where it has a blog. In practice, nobody knows who is behind this account. Second, it is not known exactly where the database has been put up for sale, since @Bank_Security has not answered several questions on the matter. Third, there is no official communication either from Vei Srl (Vodafone Enabler Italia, the Vodafone group company that runs Ho) or from Vodafone Italia itself [Update: the official response has arrived: we report it at the end of the article]. But if what was posted on Twitter were true, what would customers be risking?
Ho Mobile: what data would have been stolen
According to @Bank_Security's report, the database for sale is packed with sensitive user data that could prove very useful to hackers and scammers of every kind.
First name, last name, email address, phone number, full address, tax code (codice fiscale), and the activation and expiry dates of the SIM card are only some of the stolen information. All this multiplied by 2.5 million customers.
Ho Mobile: What are the risks for users
The data just described is more than enough to carry out 2.5 million identity thefts: whoever buys that database has all the information needed to create fake profiles with which to carry out scams, phishing and other computer crimes.
Those who buy that data could then sell part of it (for example phone number, name and surname) to those interested in sending spam or smishing SMS, i.e. phishing via SMS.
But there is another worrying piece of data among those allegedly stolen from Ho Mobile: the ICCID (Integrated Circuit Card Identifier) code of Ho Mobile users' SIM cards. This 19-digit code uniquely identifies each SIM and is needed to change operators, but also to clone a SIM.
This is the so-called "SIM swap", a type of attack that is difficult to carry out (but much easier with the ICCID code) and that lets a cybercriminal clone a SIM, effectively stealing the user's phone number.
Since many two-factor authentication systems use the phone itself as the second factor, someone who steals our SIM can easily take over all accounts that use that phone number for authentication. That includes social media accounts and many email accounts, but also an Amazon account that may have at least one credit card registered.
Ho Mobile data theft: what users should do
If, and we repeat if, this huge data breach were confirmed, it would not be news to take lightly, especially for Ho Mobile users who, as we have seen, would be risking a lot.
A clarification from Ho Mobile and/or Vodafone, therefore, would be absolutely necessary. While waiting to know if the news is true or false, however, users would do well to protect themselves.
The first step is to remove the Ho Mobile phone number from any web and app accounts. Then you should disable two-factor authentication via that number, perhaps replacing it with a hardware device or a software token such as Google Authenticator.
Finally, if your WhatsApp profile is linked to your Ho Mobile number, it is strongly advisable to change your number on WhatsApp to prevent that profile from being stolen and used for illicit purposes.
Update at 13:30: Ho Mobile's official response
Late this morning, after repeated requests from users and the press, Ho Mobile issued an official note about the alleged theft of its users' data. Here it is:
"With reference to some indiscretions published by the press, ho.mobile has no evidence of massive access to its computer systems that has jeopardized the data of the customer base. We have begun investigations in collaboration with the investigative authorities for further study."
The telephone operator therefore denies that there has been a data breach but, at the same time, says it is cooperating with the investigation into the affair. In the meantime, however, a rumor has begun circulating on the Web that the amount requested for the elusive database would be very low: just 500 euros.