A recent data leak has revealed that over 750 million Indian citizens, almost half of the country’s 1.4 billion population, have had their personal information exposed. This massive breach is being reported as one of the biggest cyberattacks ever, affecting nearly 85% of India’s population.
The cybersecurity firm CloudSEK conducted an investigation, which found that the data leak includes sensitive personal information such as names, mobile numbers, addresses, and Aadhaar card numbers. This is a serious breach of security, and with the compromised database being compressed to 600GB from 1.8TB when uncompressed, it poses a significant threat to privacy and data security.
The breach has far-reaching implications and affects mobile network subscribers in multiple countries. CloudSEK has found that all major telecom providers have been impacted, but Indian users are at a higher risk due to the exposure of their unique Aadhaar identification number. This raises concerns about identity theft, financial fraud, and cybercrime.
The compromised database is being sold on the dark web, specifically on Telegram and Breach Forums, which are platforms frequently used by hackers and cybercriminals. Two different cybercrime groups, including CYBO CREW-affiliated CyboDevil and UNIT8200, are offering the data for sale for $3,000. The threat actor selling the data has denied involvement in the breach and claimed to have obtained it through undisclosed law enforcement channels, although the source remains unclear.
CYBOCREW is a newly discovered threat group that has been active since July 2023, targeting various organizations and conducting major breaches in sectors such as automobiles, jewelry, insurance, and apparel. This makes it a significant threat to data security.
CloudSEK emphasized the unprecedented magnitude of this data breach, stressing the importance of telecom service providers and the government implementing measures to identify potential security vulnerabilities and prevent such attacks. It is crucial for users to change their passwords, be cautious of phishing attempts, monitor their accounts, and report any suspicious activity to protect their information. CloudSEK has also notified impacted parties and relevant authorities regarding the data breach.
This alarming breach of data has raised concerns about the growing threat of cybercrime and the need for stronger measures to safeguard personal information. This incident serves as a reminder of the importance of data security and the significant impact that large-scale breaches can have on individuals and organizations. It is necessary for all parties involved to take proactive steps to address this issue and prevent similar breaches in the future.