Hackers claim breach of Italian post, researchers disagree


Attackers are boasting that they’ve obtained over a million records from Italy’s national post, Poste Italiane. However, the Cybernews research team says the supposed leak looks a lot like old data with made-up details.

The attackers announced the supposed Poste Italiane data breach on a popular data leak forum used to trade in stolen details. They claim they have obtained a large database that includes Poste Italiane customer names, tax codes, and other personal details.

Poste Italiane is the Italian postal service provider, co-owned by the public development bank Cassa Depositi e Prestiti (CDP) and Italy’s Ministry of Economy and Finance. The company’s yearly revenue exceeds €12 billion ($14 billion), while its staff numbers 120,000.


The company told Cybernews that while it is aware of the attackers’ claims, no data was taken from its systems. Moreover, Poste Italiane did not experience any disturbances to its daily operations.

“No data has been stolen or transferred from our information systems. The operation and security of the company's digital services have not been compromised. Poste Italiane reiterates that customer security is a priority and urges users to never disclose their login credentials, to change their passwords periodically, and to not use the same credentials for different accounts and services,” a Poste Italiane representative told Cybernews.

Meanwhile, the Cybernews research team looked into a data sample that the attackers attached to the alleged sale. The team noticed several strange issues with the data. For example, several fields in the allegedly stolen database appear to be made up.

“Looks like they took a large dataset of stealer logs, filtered out accounts for Poste Italiane, and then tried to enrich the data with fields such as tax code and date of birth. The data also includes duplicates as well as incomplete entries, such as missing email addresses,” the team said.

Our researchers concluded that the post’s authors enriched data from older data leaks to make it look more dangerous than it actually is. In other words, Poste Italiane has not suffered a novel data breach.


Attackers could have several reasons for posting old data and asking for money for it. Most obviously, with “no honor among thieves” in mind, the attackers likely want to see if anyone would be willing to pay, even for older information.


Paradoxically, another motive could be linked to reputation-building. Data leak sites heavily rely on what others think about them, and novice users need to establish that they have something to offer. And boasting of having data from one of Europe’s largest postal services will not go unnoticed.

Others could post similar datasets to test how secure the forum itself is or even try to set up honeypot datasets that lure in criminals who might later inadvertently reveal their identities to law enforcement agencies.

Updated on September 19th [09:00 a.m. GMT] with a statement from Poste Italiane.

