-
A hacker says they’ve got their hands on millions of records from Telekom Srbija and six other Serbian telecom brands.
-
The leak supposedly includes national ID numbers, device serials, and employee info too, plus service details and other sensitive stuff.
-
No one has verified the data yet, but if it turns out to be legit, Serbian users could face many risks, including SIM swap attacks, identity theft, and scams that target them directly.
A threat actor is claiming they’ve stolen seventy-two million records from Serbia’s telecom companies. The alleged data has names, ID numbers, addresses, phone details, etc.
Details of the Alleged Data Leak
One cybercriminal posted on a dark web forum claiming they have a large dataset allegedly linked to a lot of Serbian telecom providers. They named big brands, including Yettel Serbia, Telekom Serbia, and A1 Serbia. It also plays in CETIN Serbia, SBB, Orion Telekom, and YUNET.
Considering that Serbia has less than seven million people, the 72 million records claim seems suspiciously large. Experts think the data might come from multiple sources. So we’re guessing the data might come from multiple sources, old internal records, duplicated entries, etc. Maybe the hacker scraped operational data. Or maybe they’re just inflating the numbers for attention or to hike the resale value. Who knows?
The listing shows an alarming range of fields. It’s a lot. Full names appear first. Then national ID numbers associated with Serbia’s JMBG system. There are also addresses and mobile phone numbers. The actor’s list has partner IDs and customer IDs in it as well.
The exposure of national ID numbers is a growing concern across Europe. French authorities are investigating a teenager over an alleged data breach involving 11 million ID records, highlighting how young cybercriminals are increasingly targeting identity databases. Installation details, service package info, and device serial numbers are all part of the sample.
Even employee and distributor information is among the alleged cache. Plus service metadata and infrastructure details. That mix feels different, not your usual customer database. Employee data and infrastructure metadata? That suggests internal systems got hit. Or someone just gathered together many smaller leaks into one giant file.
Currently, no official confirmation exists. And no Serbian telecom has admitted anything. As for authorities? They’ve not made public statements either.
Implications of the Alleged Breach
Look, a lot of things are at stake here. If the data is legit, criminals could launch SIM swap attacks (they trick your carrier into moving your phone number to their own SIM). Once they control your number, they can just reset your banking passwords, even your email logins.
Then there’s telecom fraud. Having your details makes their lies sound pretty convincing. Attackers could pose as customer support agents. They already have your name, address, and service details. What about identity theft? That just follows naturally when you have this much personal info out there. Your national ID number, your phone number, and your address are a gold mine for scammers.
Serbian speakers might become targets of Social engineering campaigns. Phishing attacks too. Attackers could send messages referencing your actual installation date or device serial number. That builds trust fast. Infrastructure reconnaissance worries the companies most.
Hackers could study service packages, network metadata, and anything to find weak spots. Insider targeting becomes possible as well, but only if employee records are actually in that dataset. And attackers can reset your credentials by answering your security questions using your real info.
Steps to Keep Safe
Try not to panic but act fast. Change your telecom account passwords today. Seriously. Use different passwords that are complex and hard to guess for each service. Then turn on two-factor everywhere possible. But use an authenticator app for this, not SMS. Text codes are vulnerable during SIM swaps.
Watch for unusual account activity. A sudden password reset request you didn’t initiate might be a sign. Or you suddenly lose connection on your cell phone without knowing why. Those are warning signs. Call your provider if you notice any of those. Immediately. Ask them to add extra verification steps. Some carriers offer port freeze or SIM swap protection. Turn those on.
Trust no one. Assume that any calls or texts pretending they’re from your telecom could be from scammers. If you get such, hang up and verify with the company’s official support number. Never share verification codes with anyone who calls you. Legitimate support will never ask for those.
Companies should monitor dark web resale channels right now. They need to audit internal operational systems too. Reviewing third-party vendor access is crucial as well. And they must alert customers about phishing risks. No delays.
The claims aren’t yet verified. But for now? Assume your data is in that file. Protect your accounts as if the leak is real. Better safe than sorry.
