Dark Web News Analysis
Dark web sources report a potential data breach affecting Lyca Mobile France, with a database of over 1.2 million customer records allegedly leaked on a hacker forum. The compromised dataset is highly technical and specific to the telecom sector. The leaked fields reportedly include Personally Identifiable Information (PII) such as customer names, email addresses, and account numbers, alongside critical network identifiers like Mobile Numbers (MSISDN), ICCID (SIM card serial numbers), and IMSI (International Mobile Subscriber Identity). The data is claimed to originate from January 2025.
Key Cybersecurity Insights
The exposure of technical telecom identifiers creates risks that go far beyond standard identity theft:
- High Risk of SIM Swapping: The exposure of ICCID and IMSI numbers is critical. These unique hardware identifiers are often used by support agents to verify a customer’s identity during a “lost SIM” recovery. Attackers can use this data to impersonate victims, request a SIM swap, and hijack the victim’s phone number to bypass Multi-Factor Authentication (MFA) on banking and crypto accounts.
- Telecom-Specific Fraud: With IMSI and account details, attackers could potentially initiate unauthorized service changes or port-out requests to transfer the number to another carrier without the user’s consent.
- Targeted Phishing Campaigns: The combination of email addresses and mobile numbers allows for multi-channel phishing. Attackers can send SMS messages (“Smishing”) pretending to be Lyca Mobile technical support, warning of “service interruption” to trick users into clicking malicious links.
- Geographic Focus: The leak specifically targets France. This localized data allows threat actors to tailor their attacks using French language templates and referencing local regulations to increase credibility.
Mitigation Strategies
To protect customers from account hijacking and fraud, the following strategies are recommended:
- Enhanced Monitoring for SIM Swaps: Lyca Mobile must implement strict protocols for SIM replacement or port-out requests. This includes requiring a physical ID check in-store or a one-time PIN sent to the old device (if active) before authorizing any changes.
- Password Resets and Security Alerts: Promptly advise Lyca Mobile France customers to change their passwords and update their security questions. Since the data is from January 2025, accounts may have been vulnerable for months.
- Phishing Awareness Campaigns: Conduct a targeted awareness campaign via SMS. Explicitly warn customers that Lyca Mobile will never ask for their password or credit card details via text message.
- Compromised Credential Monitoring: Implement monitoring services to detect if these Lyca Mobile account credentials are being tested against other major French online platforms (e-commerce, banking).
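The SIM-swap control from the first mitigation item can be expressed as a gate on support requests. The sketch below is an added example, not Lyca Mobile's or Brinztech's code: it treats every field reported in the leak as worthless for verification and holds any SIM replacement or port-out that lacks an in-store ID check or an OTP delivered to a still-active old SIM. The record shape, field names and sample requests are assumptions constructed for illustration.

```python
from dataclasses import dataclass

# Fields reported in the leak: knowing them no longer proves who is calling.
LEAKED_FIELDS = {"name", "email", "account_number", "msisdn", "iccid", "imsi"}
# The two strong checks named in the SIM-swap mitigation above.
STRONG_CHECKS = {"in_store_id", "otp_old_device"}
SENSITIVE_ACTIONS = {"sim_replacement", "port_out"}

@dataclass
class Request:  # hypothetical shape of a support-desk request record
    request_id: str
    action: str
    verified_with: frozenset
    old_sim_active: bool = True

def evaluate(req):
    """Return (decision, reasons); decision is 'allow' or 'hold'."""
    if req.action not in SENSITIVE_ACTIONS:
        return "allow", []
    reasons = []
    strong = set(req.verified_with) & STRONG_CHECKS
    # An OTP to the old device only counts while that SIM can still receive it.
    if "otp_old_device" in strong and not req.old_sim_active:
        strong.discard("otp_old_device")
        reasons.append("OTP to old device claimed but old SIM is inactive")
    if strong:
        return "allow", reasons
    leaked = sorted(set(req.verified_with) & LEAKED_FIELDS)
    if leaked:
        reasons.append("leaked fields do not count as proof: " + ", ".join(leaked))
    reasons.append("needs in-store ID check or OTP to old device")
    return "hold", reasons

def held_requests(requests):
    """IDs of requests that must not be processed without a strong check."""
    return [r.request_id for r in requests if evaluate(r)[0] == "hold"]

# Constructed sample requests (not real data).
SAMPLE = [
    Request("R1", "sim_replacement", frozenset({"name", "iccid", "imsi"})),
    Request("R2", "port_out", frozenset({"account_number", "otp_old_device"})),
    Request("R3", "sim_replacement", frozenset({"msisdn", "otp_old_device"}), False),
    Request("R4", "sim_replacement", frozenset({"in_store_id"}), False),
    Request("R5", "plan_change", frozenset({"email"})),
]

if __name__ == "__main__":
    for r in SAMPLE:
        print(r.request_id, *evaluate(r))
```

Held requests carry their reasons, so the same output can feed an alert queue for the monitoring the item calls for.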
Questions or Feedback?
For expert advice, use our ‘Ask an Analyst’ feature. Brinztech does not warrant the validity of external claims. For general inquiries or to report this post, please email us: contact@brinztech.com