Cybersecurity co claims data leak of telecom users, DoT demands audit

The Department of Telecom has asked service operators for a security audit of their systems following claims by a cybersecurity firm that data of 750 million Indian subscribers has been leaked, a government official said.

Cybersecurity firm CloudSEK has claimed that its researchers have found that hackers are selling 1.8 terabyte of database comprising 750 million Indian mobile consumers on the dark web.

The hacker has denied any involvement in a breach and has claimed to have obtained the data through undisclosed asset work within law enforcement channels, CloudSEK said.

"The DoT has asked telecom operators to get a security audit of their systems," a senior government official said.

The officer, however, said that telecom operators have informally shared with the department that the leaked information claimed in the ClouSEK report seems to be a compilation of old data sets of telecom subscribers and it is not due to any vulnerability in their system.

CloudSEK in its report last week said that its researchers have found that CYBO CREW affiliates CyboDevil and UNIT8200 have recently advertised a massive Indian Mobile Network Consumer Database for sale.

"This extensive mobile network database contains sensitive details belonging to a staggering 750 million individuals. It includes critical information like names, mobile numbers, addresses, and Aadhaar details. The sheer size of this dataset, totaling 1.8 terabytes, presents an alarming threat to security," CloudSEK said.

The cyber intelligence firm, which engages with government cyber security CERT-In, said that the breach came to light on January 23 and as part of responsible disclosure CloudSEK has informed the relevant authorities and organisations possibly impacted by the breach.

"The data, available for sale, is compressed to 600GB and uncompressed to 1.8 TB, posing significant risks to both individuals and organizations. The threat actor has demanded USD 3,000 for the entire dataset," the report said.

The leak of Personally Identifiable Information (PII) poses a huge risk to both individuals and organizations, potentially leading to financial losses, identity theft, reputational damage, and increased susceptibility to cyberattacks.

"The magnitude of this data leak cannot be overstated. With the personal information of 750 million individuals exposed, the potential for cyberattacks and identity theft is unprecedented. Telecom service providers and the government must validate the data and identify the loophole," CloudSEK, Threat Intelligence and Security Research, Sparsh Kulshrestha said.

He said the sample provided by the threat actor has been verified.

"The mobile numbers in question are associated with all the major Indian telecom operators, and the Aadhaar number provided is also confirmed as valid. We have promptly notified the relevant government authorities in India, as well as the concerned telecom operators," Kulshrestha said.