A massive database containing the personal information of about 750 million people in India was put up for sale on the dark web earlier this month, according to a report by cybersecurity firm CloudSEK.
This database is 1.8 terabytes in size and contains personal information such as name, mobile number, address, and Aadhaar details (Aadhaar number is unique to an individual and is used for identification purposes).
CloudSEK, India’s comprehensive mobile network subscriber database, points out in a report. security weekwas advertised on underground forums for $3,000 by a threat actor known as CyboDevil.
CloudSEK’s analysis of a sample dataset shared by the attackers revealed that the information affected subscribers of all major telecom providers in India. Given its scale, this breach is estimated to affect 85% of India’s population.
About two weeks ago, an attacker known as Unit8200 provided a similar dataset on Telegram. Both attackers are known to be affiliates of his CyboCrew group, which has been active since July 2023 and may be responsible for various data breaches.
When asked about the source of the data, the attackers denied obtaining the information through a data breach, CloudSEK said, saying they obtained the information “through undisclosed property work within law enforcement agencies.”
CloudSEK said it has notified the relevant authorities and organizations potentially affected by the breach.
Leaked information can be used for identity theft, financial fraud, fraud, and other types of malicious attacks.
“The scale of this data breach cannot be overstated. With the personal information of 750 million people exposed, the potential for cyberattacks and identity theft is unprecedented. Telecommunications service providers and governments need to verify data and identify loopholes. This breach highlights the critical importance for organizations and individuals to prioritize cybersecurity measures and remain vigilant. ” said CloudSEK researcher Sparsh Kulshrestha.
Related: Insurance broker Keenan & Associates data breach affects 1.5 million people
Related: Schneider Electric responds to ransomware attack and data breach
Related: LoanDepot breach: 16.6 million people affected