Dark Web News Analysis: CelcomDigi Customer Database for Sale
A massive database, reportedly belonging to CelcomDigi, a leading Malaysian telecommunications company, is being advertised for sale on a hacker forum. The dataset is of national significance, containing the personal and subscription information of over 20 million customers.
The breach is claimed to be very recent, having occurred in August 2025, making the data highly valuable to criminals. For an asking price of $5,000, the threat actor is selling a comprehensive collection of Personally Identifiable Information (PII), allegedly including:
- Full Names and Contact Details (Phone Numbers)
- National Identification Numbers (likely MyKad)
- Physical Addresses
- Customer Subscription Details
A data breach of this magnitude at a national telecommunications provider represents a critical threat to the digital and financial security of millions of individuals.
Key Cybersecurity Insights
A telecommunications data breach is uniquely dangerous because it provides the key to compromising a victim’s entire digital life. The key implications include:
- A National-Level Threat Enabling Mass SIM Swapping: This is the most severe and immediate threat. With a customer’s full name, phone number, and national ID number, criminals have all the information required to execute SIM swap attacks on a massive scale. By socially engineering mobile carrier employees to transfer a victim’s phone number to a new SIM card, attackers can intercept all incoming calls and text messages, including SMS-based Two-Factor Authentication (2FA) codes. This allows them to take over banking, cryptocurrency, and email accounts.
- The Unusually Low Price is a Major Red Flag: A fresh database of 20 million records from a national telecom, including national IDs, would typically command a much higher price than $5,000. This extremely low price could mean one of two things: 1) The seller’s primary motive is not profit but to cause widespread chaos by ensuring the data is distributed as quickly and broadly as possible. 2) The claim could be a scam, using a high-profile name to sell fake or old data. However, given the potential for catastrophic harm, the threat must be treated as credible.
- A Goldmine for Smishing and Vishing: Telecommunication companies are in a unique position of trust with their customers. Attackers will use this leaked data to launch hyper-realistic SMS phishing (smishing) and voice phishing (vishing) campaigns. They can impersonate CelcomDigi support, citing real account details to trick users into revealing passwords, financial information, or installing malware.
- Severe Regulatory and Reputational Consequences: A confirmed breach of this scale would be a catastrophic event for CelcomDigi. It would trigger a major investigation by Malaysia’s data protection authorities under the Personal Data Protection Act (PDPA), likely resulting in maximum financial penalties and an irreversible loss of public trust.
Critical Mitigation Strategies
An urgent response is required from the company, and proactive defense is essential for all Malaysian mobile users.
- For CelcomDigi: Urgent Investigation and Public Warning: CelcomDigi must immediately launch a top-priority investigation to validate this extremely serious claim and identify the source of the leak. A proactive, nationwide public warning is essential to alert its 20 million+ customers to the imminent and severe risk of SIM swapping and smishing scams.
- For CelcomDigi: Immediately Harden All Account Security and SIM Swap Protocols: The company must immediately review and significantly strengthen the identity verification procedures required for a customer to perform a SIM swap or make changes to their account. Enhanced monitoring of customer accounts for signs of takeover is also critical.
- For All CelcomDigi Customers: Protect Yourself From SIM Swapping: All customers should immediately contact CelcomDigi to inquire about adding an extra security PIN or password to their account to help prevent unauthorized SIM swaps. Be on high alert for any sudden and unexpected loss of mobile service, as this is a key indicator that you have become a victim of a SIM swap.
- For All CelcomDigi Customers: Immediately Upgrade to App-Based 2FA: This is the most critical personal defense. All customers should immediately review their important online accounts (banking, email, social media, crypto) and switch from SMS-based 2FA to a more secure, app-based authenticator (like Google Authenticator or Authy) or a hardware key. These methods are not vulnerable to SIM swapping.
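The enhanced monitoring recommended above for SIM swap requests can be sketched as a simple rule over account events. This is an added example, not code from CelcomDigi or from the original post; the event names, subscriber IDs, thresholds and sample records are all constructed assumptions.

```python
from collections import defaultdict
from datetime import datetime, timedelta

# Illustrative thresholds (assumptions, not any carrier's actual policy).
LOOKBACK = timedelta(hours=24)   # window before a SIM swap to inspect
MAX_FAILED_CHECKS = 2            # failed identity checks tolerated in window

# Constructed sample events: (ISO timestamp, subscriber id, event type).
# Event type names are hypothetical.
SAMPLE_EVENTS = [
    ("2025-08-20T09:00:00", "SUB-001", "id_check_failed"),
    ("2025-08-20T09:05:00", "SUB-001", "id_check_failed"),
    ("2025-08-20T09:12:00", "SUB-001", "id_check_failed"),
    ("2025-08-20T09:30:00", "SUB-001", "sim_swap"),
    ("2025-08-20T10:00:00", "SUB-002", "sim_swap"),
    ("2025-08-19T18:00:00", "SUB-003", "contact_email_changed"),
    ("2025-08-20T11:00:00", "SUB-003", "sim_swap"),
    ("2025-08-10T11:00:00", "SUB-004", "id_check_failed"),
    ("2025-08-20T12:00:00", "SUB-004", "sim_swap"),
]

def flag_risky_sim_swaps(events):
    """Return {subscriber: [reasons]} for SIM swaps that need manual review."""
    history = defaultdict(list)   # non-swap events seen so far, per subscriber
    flagged = {}
    # ISO timestamps in one format sort chronologically as strings.
    for ts, sub, kind in sorted(events):
        when = datetime.fromisoformat(ts)
        if kind != "sim_swap":
            history[sub].append((when, kind))
            continue
        # Only events inside the lookback window count against this swap.
        recent = [k for t, k in history[sub] if when - t <= LOOKBACK]
        reasons = []
        if recent.count("id_check_failed") > MAX_FAILED_CHECKS:
            reasons.append("repeated failed identity checks before swap")
        if "contact_email_changed" in recent:
            reasons.append("contact details changed shortly before swap")
        if reasons:
            flagged.setdefault(sub, []).extend(reasons)
    return flagged

if __name__ == "__main__":
    for sub, reasons in flag_risky_sim_swaps(SAMPLE_EVENTS).items():
        print(sub, "->", "; ".join(reasons))
```

A flagged swap would be held for stronger verification rather than rejected outright, since legitimate customers also replace lost SIMs.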