Telecom Department Orders Probe After 750 Million Users’ Data Leaked: Report |
[ad_1]
Cybersecurity firm CloudSEK last week claimed in a report that hackers are selling 1.8TB database containing details of 750 million Indian mobile consumers on the dark web. In response to claims made by the firm, the Department of Telecom (DoT) has asked service operators to conduct security audits of their systems.
Citing CloudSEK, news agency PTI reported that the hacker, however, has denied involvement in the breach, saying the data was acquired through undisclosed means within law enforcement channels.
“The DoT has asked telecom operators to get a security audit of their systems,” a senior government official was quoted as saying. The officer, however, said that telecom operators have informally told the department that the leaked information appears to be a compilation of old data sets rather than a vulnerability within their systems
The department has nonetheless urged operators to undertake security audits as a precautionary measure.
What CloudSEK’s report said
CloudSEK claimed in its report that its researchers have found that CYBO CREW affiliates CyboDevil and UNIT8200 have advertised a massive Indian Mobile Network Consumer Database for sale.
“This extensive mobile network database contains sensitive details belonging to a staggering 750 million individuals. It includes critical information like names, mobile numbers, addresses, and Aadhaar details. The sheer size of this dataset, totaling 1.8 terabytes, presents an alarming threat to security,” CloudSEK said in its report.
The firm, which engages with government cyber security CERT-In, said the breach, which CloudSEK discovered on January 23, prompted the firm to follow responsible disclosure practices by informing relevant authorities and impacted organisations.
“The data, available for sale, is compressed to 600GB and uncompressed to 1.8 TB, posing significant risks to both individuals and organisations. The threat actor has demanded USD 3,000 for the entire dataset,” the report said.
Sparsh Kulshrestha, threat intelligence and security researcher at CloudSEK, said the sample provided by the threat actor has been verified, with the associated mobile numbers spanning across major Indian telecom operators and the Aadhaar numbers confirmed as valid.
Citing CloudSEK, news agency PTI reported that the hacker, however, has denied involvement in the breach, saying the data was acquired through undisclosed means within law enforcement channels.
“The DoT has asked telecom operators to get a security audit of their systems,” a senior government official was quoted as saying. The officer, however, said that telecom operators have informally told the department that the leaked information appears to be a compilation of old data sets rather than a vulnerability within their systems
The department has nonetheless urged operators to undertake security audits as a precautionary measure.
What CloudSEK’s report said
CloudSEK claimed in its report that its researchers have found that CYBO CREW affiliates CyboDevil and UNIT8200 have advertised a massive Indian Mobile Network Consumer Database for sale.
“This extensive mobile network database contains sensitive details belonging to a staggering 750 million individuals. It includes critical information like names, mobile numbers, addresses, and Aadhaar details. The sheer size of this dataset, totaling 1.8 terabytes, presents an alarming threat to security,” CloudSEK said in its report.
The firm, which engages with government cyber security CERT-In, said the breach, which CloudSEK discovered on January 23, prompted the firm to follow responsible disclosure practices by informing relevant authorities and impacted organisations.
“The data, available for sale, is compressed to 600GB and uncompressed to 1.8 TB, posing significant risks to both individuals and organisations. The threat actor has demanded USD 3,000 for the entire dataset,” the report said.
Sparsh Kulshrestha, threat intelligence and security researcher at CloudSEK, said the sample provided by the threat actor has been verified, with the associated mobile numbers spanning across major Indian telecom operators and the Aadhaar numbers confirmed as valid.
[ad_2]
Source link