From Data Leak to Account Takeover: How SIM/PUK Exposure Enables Fraud

Written by Tampere University

We in the SafeHorizon project continuously monitor clear/deep/dark-web sources and breach dumps to map Crime-as-a-Service supply chains and surface evidence for defenders and law enforcement. Incidents like Orange Belgium’s demonstrate how telecom metadata circulates in underground markets and why correlating leak chatter with real-world victim targeting is critical.

At the end of July, Orange Belgium disclosed a breach exposing data from about 850,000 customer accounts, including SIM card numbers and PUK codes—exactly the fields criminals repurpose for SIM-swap takeovers. Passwords and payment data weren’t compromised, but the exposed SIM artefacts significantly increase the risk of account hijacking.

SIM/PUK details streamline fraudulent number transfers and interception of one-time codes—turning a telecom breach into a cross-account problem (email, banking, crypto, SSO). Expect targeted phishing and reset attempts following media coverage.

• Add port-out/SIM locks and an account PIN with your carrier—mandatory for execs and high-risk roles.
• Move critical accounts from SMS 2FA to passkeys (FIDO2) or an authenticator app; keep SMS as a backup.
• Please update your recovery options by removing outdated numbers, adding a backup email, and storing backup codes in a password manager.
• Watch for warning signs: sudden “No Service,” unsolicited code texts, or new-login alerts.
• If you suspect a swap, call your carrier from another device to reverse any SIM change, then change your email password first and review active sessions.

References:
https://corporate.orange.be/en/node/57971
https://bleepingcomputer.com/news/security/orange-belgium-discloses-data-breach-impacting-850-000-customers/