A massive data breach has allegedly took place in Egypt, with a threat actor claiming to be selling a database containing personal information of 85 million Egyptian citizens is reportedly being offered for sale on a hacking forum, for around $3,000. According to the post, the database includes national ID numbers, full names, family names, mothers’ names, insurance numbers, and mobile phone numbers.
According to the claims made and posted on April, 7th on the underground hacking “Breach Forums”, the leaked database includes sensitive data such as National Identification Numbers (NIDs), full names, family information, mother’s names, insurance numbers, and mobile phone numbers.
The legitimacy of this alleged breach has been investigated by the Dutch based cybersecurity firm Dark Entry. Through their analysis, they have confirmed the authenticity of the data using multiple verification methods.
Firstly, Dark Entry took sample records from the leaked data, including national ID numbers and mothers’ names, and cross-referenced them on the reportedly breached website, finding that the information matched precisely.
Secondly, Dark Entry contacted the threat actor and requested verification by providing national ID numbers of some of their team members or their relatives, both living and deceased. Within a minute, the actor was able to retrieve the corresponding full names and insurance details accurately.
Thirdly, the validity of the data and the swift retrieval process led Dark Entry to suspect a vulnerability in a specific website, which unfortunately proved to be true. They promptly reported the details to the relevant authorities for further investigation, and the vulnerability has since been addressed.
While the sheer number of 85 million records might seem unrealistic for a single entity in Egypt, Dark Entry explained that duplicate entries could exist due to individuals having multiple insurance records associated with different employers or organizations, each with varying phone numbers and insurance details.
This is a developing story, and more information may come to light. I will keep you posted with any updates or further details.
