Massive Security Breach: Personal Data of 750 Million Indian Telecom Users on Dark Web, Says CloudSEK
Cybersecurity Firm CloudSEK Uncovers Massive Breach: 750 Million Indian Telecom User Data, Including Names and Aadhaar Information, Being Sold on Dark Web for $3,000.
Cybersecurity firm CloudSEK has made a concerning discovery, exposing a significant security breach that has compromised the personal information of an astonishing 750 million individuals in India. The breach encompasses critical details such as names, mobile numbers, addresses, and even Aadhaar information.
This vast database, totaling a staggering 1.8 terabytes, is currently being offered for sale on the dark web by threat actors associated with CyboDevil and UNIT8200.
The revealed dataset purportedly encompasses 85% of the Indian population, marking it as one of the largest breaches in recent times. Comprising compressed data of 600GB, which expands to 1.8TB when uncompressed, the compromised information poses substantial risks to both individuals and organizations.
The hackers responsible for the breach are demanding $3,000 for the entire dataset, underscoring the severity and potential consequences of this extensive security incident.
CloudSEK’s analysis found that major telecom providers suffered a leak of Personally Identifiable Information (PII). This breach poses risks such as financial losses, identity theft, reputational damage, and heightened vulnerability to cyberattacks.
The CYBOCREW group, identified as threat actors, claims prior access to real-time Indian phone number KYC details and has been observed selling API access to the Indian vehicle database. Their actions hint at potential vulnerabilities within government databases or telecommunication systems.
Sparsh Kulshrestha from CloudSEK emphasizes the gravity of the situation, stating, ‘The magnitude of this data leak cannot be overstated. With the personal information of 750 million individuals exposed, the potential for cyberattacks and identity theft is unprecedented.
CloudSEK, in response to the breach, has notified relevant authorities and potentially affected organizations. As a precaution, individuals and organizations are advised to deploy advanced threat detection systems, adhere to data protection regulations, and conduct awareness programs to educate users about potential scams and phishing attempts.
The breach underscores the urgent need for a holistic cybersecurity approach, collaboration with authorities, and immediate implementation of robust measures to thwart unauthorized access and data breaches. It serves as a stark reminder of ongoing digital threats, emphasizing the importance of a collective effort to bolster cybersecurity defenses.
Read more Tech News
