Dark Web News Analysis
A threat actor on a known cybercrime forum is advertising the alleged sale of a database belonging to WorldSIM, a global provider of international roaming SIM cards and eSIMs. The dataset reportedly contains 200,000 rows of user data and is being sold for a low price of $500.
This claim, if true, represents a critical telecommunications and travel security breach.
Target Analysis: WorldSIM specializes in keeping travelers connected globally. The data for sale is not just customer PII; it includes the technical “keys” to the SIM cards themselves:
- ICCID (Integrated Circuit Card Identifier): The unique serial number of the physical SIM card.
- PIN & PUK (Personal Unblocking Key) Codes: The security codes used to lock/unlock the SIM.
- Passport Details: Required for KYC (Know Your Customer) compliance in many countries where WorldSIM operates.
- Fraud Indicators: Fields like “Blocked Due To Suspected Fraud” and “Legitimate Customer ?”.
The exposure of ICCID and PUK codes is a “smoking gun.” With this data, an attacker can potentially bypass carrier security checks, unlock stolen SIM cards, or facilitate SIM swapping attacks with much higher success rates because they possess the technical verification data that support agents often use to validate a user’s identity.
Key Cybersecurity Insights
This alleged data breach presents a critical and immediate threat:
- Critical SIM Card Data Compromise: The exposure of SIM card numbers, ICCID, PIN, and PUK codes presents a severe threat. Attackers can use PUK codes to unlock SIMs they have physically stolen or use the ICCID to impersonate the subscriber to carrier support for SIM swaps.
- Comprehensive PII Exposure: The breach includes highly sensitive data such as passport numbers, driving license verification, and full names. This is a complete identity theft kit, especially dangerous for international travelers who may be targeted for physical theft or surveillance.
- Fraud Vulnerability Amplification: The presence of fields indicating fraud suspicion (“Blocked Due To Suspected Fraud”) allows criminals to target “clean” accounts while avoiding those already flagged, or to reverse-engineer WorldSIM’s fraud detection logic.
- Accessibility Due to Low Price: The low asking price of $500 for such a substantial and sensitive dataset significantly lowers the barrier to entry. This guarantees the data will be sold to multiple low-level threat actors, leading to a wave of uncoordinated attacks.
Mitigation Strategies
In response to this claim, WorldSIM users and the company must take immediate action:
- Immediate User Communication: WorldSIM must proactively notify all potentially affected users. Transparency is critical to preventing successful SIM swaps.
- Liaison with Mobile Carriers: WorldSIM should collaborate with its partner mobile network operators to flag the compromised ICCID ranges. PUK codes for affected SIMs should be rotated or the SIMs forcibly expired and replaced.
- Enhanced Fraud Detection (SIM Swap): Implement heightened monitoring for SIM swap attempts. Any request to port a number or swap a SIM associated with this dataset should require step-up verification (e.g., video call, physical ID presentation) rather than just standard security questions.
- Credential Reset: Users should be advised to change their WorldSIM passwords immediately. Crucially, they should remove SMS 2FA from their banking and email accounts and switch to an Authenticator App, as their phone number is now a high-risk vector.
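The carrier-liaison and SIM-swap items above amount to a watchlist check at the support desk. The sketch below is an added example, not WorldSIM's or Brinztech's code: the request shape, factor names, decision labels and sample ICCIDs are assumptions made for illustration.

```python
import re

# Constructed sample values for illustration, not from any real dataset.
EXPOSED_ICCIDS_RAW = ["8944 1234 5678 9012 345", "89441234567890123460F"]
LEAKED_FACTORS = {"iccid", "pin", "puk", "passport_number"}  # fields the post lists
STRONG_FACTORS = {"video_call", "physical_id"}  # step-up options the post names


def normalize_iccid(raw):
    """Return the ICCID as bare digits, or None if it is not plausibly one."""
    # Drop spaces/hyphens and the trailing 'F' pad some readers emit.
    s = re.sub(r"[\s\-]", "", str(raw)).upper().rstrip("F")
    # Assumption: telecom ICCIDs start with 89 and are 18 to 20 digits long.
    return s if re.fullmatch(r"89\d{16,18}", s) else None


def build_watchlist(raw_values):
    """Normalize the exposed ICCIDs once so lookups are exact-match."""
    return {n for n in map(normalize_iccid, raw_values) if n}


def evaluate_request(request, watchlist):
    """Return (decision, reason) for a support request.

    request: {"action": str, "iccid": str, "factors": iterable of factor names}
    """
    if request["action"] not in {"sim_swap", "port_out"}:
        return "allow", "not a swap or port request"
    iccid = normalize_iccid(request["iccid"])
    if iccid is None:
        return "manual_review", "ICCID missing or malformed"
    if iccid not in watchlist:
        return "standard_checks", "SIM not in exposed set"
    # For an exposed SIM, values present in the dump prove nothing about the caller.
    usable = set(request["factors"]) - LEAKED_FACTORS
    if usable & STRONG_FACTORS:
        return "allow_after_step_up", "strong factor verified"
    return "step_up_required", "only leaked or weak factors presented"


if __name__ == "__main__":
    wl = build_watchlist(EXPOSED_ICCIDS_RAW)
    req = {"action": "sim_swap", "iccid": "8944-1234-5678-9012-345",
           "factors": ["iccid", "puk", "security_questions"]}
    print(evaluate_request(req, wl))
```

Normalizing both the watchlist and the incoming value matters because the same ICCID appears with different separators and padding across billing, provisioning and support tools.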
Questions or Feedback? For expert advice, use our ‘Ask an Analyst’ feature. Brinztech does not warrant the validity of external claims. For general inquiries or to report this post, please email us: contact@brinztech.com