The lists are purported to contain the personal details and credit card numbers of Saudi citizens and residents stolen from local eCommerce sites.
In calls made to about one-fifth of those noted on the lists, it was clear that there was a mismatch between the credit card numbers and names.
The names, e-mail address and telephone numbers are correct but the credit card numbers are not a match.
Arguably, not every individual on the list has been reached.
Arab News, however, has learned that local banks are making their own investigations and thus far are discounting the validity of the credit card information.
Efforts were under way from early morning to remove the lists from the Web but that was an hours long process giving criminal elements plenty of time to download the lists.
This does not mean that the people identified on the lists are out of danger.
Due to the match between cellphone number, email and in some cases full name, these consumers should expect that they will be subject multiple types of attacks from outright hacks of their email to social engineering manipulation.
For instance, when Arab News telephoned named individuals to check the veracity of the list, in many cases, the people offered to read out their credit card information.
This was despite the fact that the individuals knew that the person on the telephone was a journalist and not a bank's representative.
One customer, Wael, advised that he was Syrian, not Saudi — and he wondered if the hacker knew this.
Of course, that was another piece of personal information revealed to go along with what was already known.
The contacted individuals were furious and all expressed gratitude for being informed that their personal information had been exposed.
Most asked what they should do to protect themselves.
Arab News' advice was to contact their banks immediately and discuss the situation.
If the revealed e-mail and telephone number were linked to financial accounts, it would be prudent to change them. If that is too difficult then the hacking victims must be vigilant for social engineering attacks and other fraud.
This attack demonstrates how essential it is to shield personal information, especially those details such as e-mails and mobile numbers that are linked to financial accounts.
Be aware that banks do not telephone asking for personal information or confirmation of credit card numbers.
Set up a throw away e-mail to for casual usage.
Some mobile handsets allow the use of two SIMs.
Consider running one cell number to be given out at will and another number only for close family and financial usage.
Don't offer personal information that's not required — use a nickname in online registrations and be selective in the distribution of business cards.
Your personal information is valuable. Think twice before giving it away.
