Following allegations of data leaks affecting 750 million telecom users, India's Department of Telecommunications (DoT) is urging service providers to conduct a security audit of their systems.
CloudSEK, a cybersecurity firm, recently disclosed that it had found hackers, identified as affiliates of the CYBO CREW group, CyboDevil, and UNIT8200, advertising a massive database of Indian mobile network subscribers for sale on the dark web.
These threat actors have previously been linked to major breaches targeting organizations in the automotive, jewelry, insurance, and apparel industries. According to the seller's own claims, the dataset covers about 85 percent of India's population, which would make it one of the largest breaches of its kind; that figure rests on the seller's claims, and CloudSEK has urged providers to validate it. The data reportedly includes names, mobile numbers, addresses, and Aadhaar (national identity) numbers. The sellers are asking USD 3,000 (about SGD 4,020) for the entire dataset.
Individual and Organizational Risk Exposure
The data on offer is 600 GB compressed and about 1.8 TB uncompressed, a volume that presents considerable risk to both individuals and businesses. After an initial analysis of a sample, CloudSEK researchers found records from all major Indian telecom providers. The company said that leaked Personally Identifiable Information (PII), and Aadhaar numbers in particular, poses a significant risk to individuals and organizations alike: financial loss, identity theft, reputational damage, and greater exposure to follow-on cyberattacks.
For businesses, the compromise of customer data, proprietary information, and trade secrets could bring reputational damage and legal liability. A dataset of this size also widens the attack surface: with accurate names, phone numbers, and addresses in hand, attackers can run convincing phishing, malware, and ransomware campaigns against individuals and organizations alike.
The data can also be misused for targeted advertising, social engineering, and extortion, which compromises individuals' privacy and security and undermines businesses' operations and their relationships with customers. Regulatory risk follows: organizations that fail to safeguard such data face non-compliance fines and penalties, and affected individuals may suffer violations of their rights under data protection law.
A Call for Validation and Flaw Identification
Sparsh Kulshrestha, a threat intelligence and security researcher at CloudSEK, stated that the severity of this data leak cannot be overstated. "With the personal information of 750 million individuals exposed, the potential for cyberattacks and identity theft is unprecedented," he added. Kulshrestha urged telecom service providers and the government to validate the data and find the flaws. CloudSEK added that the "exact methods employed by the threat actor to obtain the data remain undisclosed." The company also denied any involvement in the breach.