Vodafone Iceland data breach exposed 70000 user personal information

Pierluigi Paganini November 30, 2013

Today the official Vodafone Iceland was breached by group of hackers Maxn3y, left defaced and a heap of data leaked from its servers.

Vodafone Iceland was hacked by the group of hackers Maxn3y (@AgentCoOfficial) who in the past has stolen data from  airports’ systems, electronic giants and fast food company.

The hackers announced via Twitter to have successfully compromised Vodafone Iceland server and defaced the official website (vodafone.is) and various other sub domains including the company mobile site.

Vodafone Iceland data breach5

The hackers disclosed a compressed 61.7MB rar file which is locked with password TURKISH and that contains a collection of files including one titled users.sql that appears to contain the 77,000 user accounts. The file includes user names, social security numbers, encrypted passwords as many other encrypted information.

Another file, MySQL file greind.sql appears to contain a small log of sms history that is dated 2011 as well as a sms logger.

Vodafone Iceland data breach4

The portal CyberWarNews posted the list of files disclosed and provided information on their content.

Vodafone Iceland website was rapidly restored, but at time I’m writing it is not reachable.

Vodafone Iceland data breach2 Vodafone Iceland data breach1

Following the complete list of files leaked.


Multi media database, nothing critical, 400K of user tracking and logging with user agents, refers etc.

sms history with what appears to be full text messages to a from numbers with timestamps, all dated 2011-08-19
SMS logger sender id, sms id, user ip, date.
900k rows of user contact details related to a SMS plan.

user names, ids, encrypted passwords, email addresses, social security numbers, dates, bank details (alot is incomplete)

account managers details
full names, phone numbers, email addresses.

sms_history.sql and signup.sql explained above.

XLS files

kennitala (social security numbers), dates, ticket numbers, campaign ids(unknown campaign), email addresses
count: 23,494

id, code(unknown), msisdn, sms, timestamp(ts)
count: 1001

id, full name (nafn), kennitala(ssn), pnr, confirmed, date, ticket, email, senda, recivier.
count: 4305

id, ipaddresses, user name, encrypted passwords, email addresses, first name, last name, phone, fax, reg date, last active, user level, notes
count: 334

id, school. login. clear text passwords, names, isadmin, active
count: 18

id, timestamp, ip, session id, social security numbers, email addresses
count: 1491

id, phone, social security numbers, email addresses, tickets id, registration status, date, ip
count: 1247

user names, clear text passwords, names, email addresses and permissions
count: 12

cart_id, names, social security numbers, post codes, email addresses, credit card names, nulled credit card numbers and dates, sale amounts.
count: 3086

real name, email addresses, company’s, chairman name.
count: 31

id, content, date, email addresses
count: 1929

usernames,clear text passwords, active, company’s, full addresses, contact numbers, websites, nulled locations.
count: 767

user names, 5x full names, phone numbers, social security numbers
count: 71

names, partner countrys, to iceland (nothing important)
count: 10

session id and details encrypted, (nothing important)
count: 49, 468

file name says all, nothing of importance here.

file name says all, nothing of importance here.

Pierluigi Paganini

(Security Affairs –  Vodafne Iceland, data breach)


you might also like

leave a comment