Cybersecurity firm CloudSEK last week claimed in a report that hackers are selling 1.8TB database containing details of 750 million Indian mobile consumers on the dark web. In response to claims made by the firm, the Department of Telecom (DoT) has asked service operators to conduct security audits of their systems.
A cybersecurity firm called CloudSEK reported that a 1.8TB database containing personal details of 750 million Indian mobile users was being sold on the dark web. The database allegedly includes names, mobile numbers, addresses, and even Aadhaar details.
The breach is believed to have involved data from multiple telecom operators in India.
Citing CloudSEK, news agency PTI reported that the hacker, however, has denied involvement in the breach, saying the data was acquired through undisclosed means within law enforcement channels.
“The DoT has asked telecom operators to get a security audit of their systems,” a senior government official was quoted as saying. The officer, however, said that telecom operators have informally told the department that the leaked information appears to be a compilation of old data sets rather than a vulnerability within their systems
The department has nonetheless urged operators to undertake security audits as a precautionary measure.
What CloudSEK’s report said
CloudSEK claimed in its report that its researchers have found that CYBO CREW affiliates CyboDevil and UNIT8200 have advertised a massive Indian Mobile Network Consumer Database for sale.
“This extensive mobile network database contains sensitive details belonging to a staggering 750 million individuals.
The firm, which engages with government cyber security CERT-In, said the breach, which CloudSEK discovered on January 23, prompted the firm to follow responsible disclosure practices by informing relevant authorities and impacted organisations.
The data, available for sale, is compressed to 600GB and uncompressed to 1.8 TB, posing significant risks to both individuals and organisations. The threat actor has demanded USD 3,000 for the entire dataset,” the report said.
threat intelligence and security researcher at CloudSEK, said the sample provided by the threat actor has been verified, with the associated mobile numbers spanning across major Indian telecom operators and the Aadhaar numbers confirmed as valid.
Potential Impact
If the data leak is confirmed, it could be one of the largest data breaches in history. Millions of people could be at risk of identity theft, financial fraud, and other forms of cybercrime.
The leak could also raise concerns about the security of Aadhaar, a unique identification number that is widely used in India for various purposes.
It’s crucial to remain cautious about sharing personal information online and use strong passwords for online accounts.
If you suspect your data might be compromised, consider changing your passwords and contacting your relevant financial institutions immediately.
