Major Tunisian internet provider leaks data of nearly half a million customers


A massive leak has exposed clients' data and employees' passwords, raising concerns over targeted attacks after the main internet provider in Tunisia failed to set up a password.

On March 26th, 2024, the Cybernews research team discovered a publicly accessible web server with an enabled directory listing belonging to TopNet.

Founded in 2001, the company is among the top five biggest internet service providers (ISPs) in Tunisia. It runs its service through ADSL and fiber lines and is largely owned by the state.

[Image: Open web directory hosting database backups]

Among the files stored on the server were database backups, which exposed the credentials of 972 TopNet employees and the data of over 442,000 customers. As no authentication was set up on the server, anyone on the internet was able to find and access the data.

Leaked data includes:

  • Names
  • Emails
  • Payment information, including links to receipts
  • Customer support queries
  • Ordered internet packages
  • Plaintext employee credentials

The oldest data stored on the server dates back to 2002, with the newest data being as recent as 2023.

Leaking such large amounts of data puts customers at risk, as malicious actors could misuse the information for spam, scams, phishing, or doxxing attacks.

Furthermore, employee credentials were stored unhashed and in plaintext, which is extremely poor cybersecurity practice, as anyone could read and exploit them.

[Image: Plaintext employee passwords]

Threat actors could use employee credentials to breach the company’s security systems, extract more customer information, or use it in future attacks against the company.

According to publicly available information, the company employs 6400 people, meaning that the leak potentially affected 15% of the company’s staff.

Cybernews has reached out to the company for official comment but did not receive a reply before publishing.

[Image: Payment information, including links to receipts]
[Image: Payment information including addresses]

“Such lapses in security can be especially upsetting when it comes to ISPs, as consumers rarely have a meaningful choice of which service provider they can use,” said Aras Nazarovas, information security researcher at Cybernews.

“Internet providers are high-value targets for cybercriminals and APTs, as by compromising an ISP, it is possible to track the customer's activity on the internet to a relatively high extent,” Nazarovas added.

[Image: Customer support queries]
[Image: Customer information and ordered internet packages]

Tunisia is the 4th most internet-connected country in Africa, with 79.6% of the country’s population having internet access as of 2024.

Poor cybersecurity practices at ISPs are extremely concerning, as these companies have extensive access to customers' home networks, and abuse of that access can cause significant damage.

For example, in June, a South Korean ISP reportedly accessed the devices of 600,000 of its customers to deploy malware that would prevent BitTorrent traffic in its attempt to fight online piracy.