Outdated bank accounts: how fraudsters gain access to 'Diia' through them

Risks of outdated bank accounts

According to ХВИЛЯ: Outdated bank accounts can pose serious cybersecurity risks, especially in light of recent breaches of the 'Diia' system. The loss of control over mobile numbers, as well as inactivity of bank accounts for more than 12 months, creates favorable conditions for fraudsters. In 2025, there is an increase in cases of 'Diia' breaches through old bank accounts, raising concerns among experts.

Fraudsters actively search for accounts that have not been used for 3–4 years. It is important to note that mobile operators can reissue numbers after 12 months of inactivity, giving attackers the ability to regain access to online banking and 'Diia' through the BankID system. Experts criticize 'Diia' for lacking its own identification system, making it vulnerable to such attacks.

Threats and recommendations

Fraudsters can use stolen data to apply for microloans and other financial operations. It is also noted that attackers hunt for data in messengers like Telegram and Signal. They can steal phone numbers through so-called 'night calls', adding yet another level of risk for users.

Representatives of the Ministry of Digital Transformation of Ukraine stated that it is impossible to mass hack 'Diia', however, the vulnerability of banking systems remains a serious risk.

To reduce the likelihood of becoming a victim of fraudsters, experts advise:

• closing inactive accounts;
• checking the validity of phone numbers;
• using two-factor authentication.

This will significantly increase the level of security for personal data in the digital environment.

This situation highlights the need for active management of one's finances and personal data against the backdrop of increasing cybersecurity threats. Considering that fraudsters are becoming more sophisticated in their methods, users should remain cautious and regularly check the security of their accounts. Efforts to raise awareness of the risks and implement new authentication technologies can significantly reduce the likelihood of successful attacks.