A threat actor identified as Jack_back has listed a massive trove of data allegedly belonging to Vodafone Egypt customers on a dark web forum. The database, posted for sale on June 13, 2025, contains personal information of nearly 29 million users and is being sold in CSV format.
The leaked sample shows highly sensitive details including full names, telephone numbers, Facebook profiles, email addresses, usernames, city and location data, and even device types. This leak is one of the largest telecom-related breaches impacting Egypt to date.
The actor, who holds VIP status on the forum, claims the full dataset was extracted on 01/06/2025 and has already gained notable visibility on the underground platform, with over 300 views in less than a day. Based on the structure of the sample, the information appears to be organized and ready for exploitation by cybercriminals.
This breach raises serious concerns for both users and the company. The exposed data could be used for phishing attacks, identity theft, account takeovers, and social engineering campaigns at scale. Given the inclusion of Facebook URLs and device information, attackers could personalize their lures, making them more convincing and damaging.
Egyptian authorities and Vodafone Egypt need to act swiftly to investigate the source of this breach, notify affected customers, and implement urgent mitigation measures. Affected users should be advised to change their passwords, monitor account activity, and be cautious of unsolicited messages or calls.