Threat Actors Selling 1.8TB Database of Indian Mobile Users


The database holds personal records of over 750 million Indian citizens, accounting for nearly half of the country’s 1.4 billion population.

A massive yet alleged data breach has reportedly exposed the personal information of millions worldwide, encompassing 85% of the Indian population, marking it as the largest-ever breach of its kind.

Indian cybersecurity firm CloudSEK has reported a staggering data leak exposing personal information, including names, mobile numbers, addresses, and the unique 12-digit Aadhaar card numbers, of 750 million Indians, roughly half of the country’s population of 1.4 billion.

The breach affects mobile network subscribers across multiple countries, posing significant privacy and data security concerns. This compromised database contains security-sensitive information, claim CloudSEK researchers, and has been compressed to 600GB from 1.8TB when uncompressed.

CloudSEK’s investigation of a trove of personally identifiable information (PII) in the database revealed the breach has impacted all major telecom providers but Indian users are at a higher risk, due to the exposure of their unique Aadhaar identification number, raising concerns about identity theft, financial fraud, and cybercrime.

The database is being sold on Telegram and Breach Forums, a well-known platform for hackers and cybercrime activities. Interestingly, this forum recently saw another threat actor leaking a database from Hathway, which contained information from 4 million users.

In fact, two different cybercrime groups, including CYBO CREW-affiliated CyboDevil and UNIT8200 are offering the data for sale for $3,000.

CloudSEK reports that the threat actor selling the data has denied involvement in this data breach and claims to have obtained it through law enforcement channels’ undisclosed asset work, however, the source remains unclear.

Screenshot shows details of what the group is selling (Credit: CloudSEK)

For your information, CYBOCREW is an emerging new threat group, first discovered in July 2023. The group has so far targeted organizations in the automobile, jewellery, insurance, and apparel sectors, conducting major breaches.  CyboDevil and UNIT8200 are amongst its most active affiliates.

CloudSEK’s Sparsh Kulshrestha highlighted that the “magnitude” of this data breach is unprecedented, emphasizing the importance of telecom service providers and the government to devise measures for identifying potential security vulnerabilities beforehand to prevent such attacks.

Users are advised to change passwords, be cautious of phishing, monitor accounts, and report suspicious activity after a breach, especially those linked to mobile numbers or Aadhaar, to protect their information. CloudSEK has responsibly notified impacted parties and relevant authorities regarding the data breach.

  1. Indian ISP Hathway Data Breach: Hacker Leaks 4M User Data
  2. iPhone Hack Attack Warnings Spark Political Firestorm in India
  3. Hacker Leaks 73M Records from Indian HDFC Bank Subsidiary
  4. Indian Ticketing Platform RailYatri Hacked – 31 Million Impacted
  5. India’s Largest Truck Brokerage Company Leaking 140GB of Data





Source link