Disseminated the personal data of more than a million Phone House customers after not paying the ransom of the cyberattack suffered




Two days ago we said that Phone House had been the victim of an alleged cyberattack (which the company has not yet confirmed today on the 21st). Those responsible for the cyber attack, in turn responsible for Babuk, a ransonware, demanded a ransom so as not to spread the database obtained in the cyberattack, which contained the data of three million people.



El Confidencial, who reported the breach in the first place, said today that after not paying the ransom, a part of the data has been leaked on the Internet. From Genbeta we can confirm that this is the case, since we have accessed the data and at this moment we have a spreadsheet with the data of 1,048,575 million people.



Filtered sensitive data such as ID, mobile numbers, addresses, etc.




Phone House 1




The file we have accessed arrives compressed in gz format. When unzipping it, we find a 5.77 GB .csv file. It arrives messy, but to process it you just have to separate it by commas.



After doing it we find a worrying reality, as we see customer identifiers, DNI, some passports, emails (many of them repeated and considered false), mobile phone numbers (most of them correct), landlines, date of birth, nationality, physical addresses, postal codes, provinces , cities, etc. In many cases, the store where customers registered is also included.



The attackers warn that it is only a first part of the database, so it is still to be expected that they will upload much more content in the event that Phone House does not pay the ransom. They may not even have a chance to do it anymore. There are citizens of many nationalities.



As this data is delivered, it is very useful for hackers, as was the case with the recent Facebook leak, whose data is a joy to scam attackers like Flubot.