The authors of the cyberattack that has affected the chain of telephony stores Phone House have published on the ‘dark web’ the data of supposedly 13 million of its users obtained through a ‘ransomware’ attack, after threatening the company with disclosure if it did not pay a financial ransom.
Among the data of the 13 million customers and employees of the chain is personal information with their full name, email, date of birth, phone number, home address, nationality and even identity documents and IMEI codes of the devices, as the authors have stated in their initial communication.
This attack, which became known on Wednesday, was carried out by the cybercriminals responsible for the corporate Babuk ransomware, who were able to access a “complete copy” of ten Oracle databases and had already published a part of them.
The hackers threatened to do the same with the rest of personal information if they did not receive the payment of a ransom and, now, they have leaked through the Dark Internet, or Dark Web, the data of supposedly 13 million customers of Phone House, as reported by the cybersecurity company Hispasec on its blog.
The information is accessible through the private Tor network, in the form of a ‘csv’ data table format file, and they are found without any encryption. The authors assured that it was more than 100GB of “sensitive data”.
Information pertaining to part of the leak data has been included on the ‘Have I Been Pnewd?’ Web page, where users can enter their email to see if they have been affected. This website currently collects 5.2 million email addresses from Phone House accounts.