Hacker Leaks 4 Million Users, KYC Data


In an unusual move, the hacker behind the Hathway data breach has developed a dark web search engine for potential victims. This tool allows them to search for their email addresses and phone numbers to check if their data was exposed.

A hacker operating under the alias ‘dawnofdevil’ has recently leaked a database, alleging it to be associated with Hathway (formerly known as BITV Cable Networks and officially named Hathway Cable & Datacom Ltd). Hathway is a leading Indian Internet Service Provider (ISP) and cable television service operator.

In their post on the notorious Breach Forums, where the database was leaked, the hacker disclosed that the data breach took place in December 2023 after they managed to breach Hathway’s defences by exploiting a security vulnerability present in the Laravel framework application, the content management system (CMS) used by the company.

As seen by Hackread.com, the hacker has shared two links. The first link comprises 12GB of user data, while the second link contains a staggering 214GB of information distributed across over 800 CSV files and production data.

It’s important to highlight that, according to the hacker, the 12GB file includes the personal details of more than 41 million Hathway customers. This comprehensive data contains their full names, email addresses, phone numbers, home addresses, customer registration forms, copies of Adhaar cards with the forms, and various other personal information including KYC data.

However, as analysed by Hackread.com, the analysis of the leaked data reveals a count of 35 million users. Furthermore, a significant portion of these accounts appear to be either dummy or duplicates. Following the elimination of these duplicates, the actual number of impacted accounts is reduced to almost 4 million, significantly lower than the initially claimed 41 million accounts.

At present, Hackread.com could not analyze the second file since it was deleted. However, it can be confirmed that this file also includes personal and financial details. These details appear to belong to what seems to be a combination of Hathway’s employees and customers.

Previous Attempts to Sell Data

The hacker made initial attempts to sell the data before ultimately resorting to leaking it online. On Friday, December 22, 2023, ‘dawnofdevil’ tried to sell the Hathway data for $10,000. However, their efforts to find a buyer proved unsuccessful, leading them to make the data public by leaking it.

Hacker Creates Search Engine for the Alleged Victims of Hathway Data Breach

The argument that malicious threat actors often stay one step ahead holds in this case. The ‘dawnofdevil,’ hacker, has taken an unusual step by developing a dark web search engine for the victims of this data breach. This tool enables individuals to search for their email addresses and phone numbers, providing a means to check if their data is involved in the leak. However, due to privacy considerations, we have chosen not to share the link with the public.

Indian ISP Hathway Data Breach: Hacker Leaks 4 Million Users, KYC Data

Nevertheless, Hathway has been contacted for comment. If and once the company responds we will update this article accordingly. Meanwhile, if you are a Hathway customer/subscriber, watch out for phishing emails claiming to come from the company addressing the incident, it could be scammers trying to steal your login credentials as this data leak does not contain your passwords.

  1. Top ERP Firm Exposing Half a Million Indian Job Seekers Data
  2. Hacker Leaks 73M Records from Indian HDFC Bank Subsidiary
  3. Indian Ticketing Platform RailYatri Hacked – 31 Million Impacted
  4. Covid antigen test results of 1.7m Indian, foreign nationals leaked
  5. India’s Largest Truck Brokerage Company Leaking 140GB of Data
  6. ShinyHunters leak database of Indian wedding portal WedMeGood





Source link