A substantial 1.8TB database, purportedly holding the personal information of over 750 million Indian citizens, has surfaced on the cyber black market. This database accounts for almost half of India’s massive population of 1.4 billion, marking it as the most extensive breach of its kind.
Indian cybersecurity firm CloudSEK has brought attention to an alarming data leak that exposes personal details such as names, mobile numbers, addresses, and the unique 12-digit Aadhaar card numbers of 750 million individuals. This breach has far-reaching implications, affecting mobile network subscribers across various countries and giving rise to serious privacy and data security concerns. The compromised database, initially 1.8TB in size, has been compressed to 600GB.
CloudSEK’s investigation into this trove of personally identifiable information (PII) reveals its impact on all major telecom providers. However, Indian users face a heightened risk due to the exposure of their unique Aadhaar identification numbers, intensifying concerns regarding identity theft, financial fraud, and cybercrime.
The illicit sale of this database is taking place on platforms like Telegram and Breach Forums, well-known hubs for hackers and cybercriminal activities. Notably, this forum recently witnessed another threat actor leaking a database from Hathway, encompassing information from 4 million users.
Surprisingly, two distinct cybercrime groups, namely CYBO CREW-affiliated CyboDevil and UNIT8200, are offering the data for sale at a price of $3,000.
According to CloudSEK’s report, the threat actor selling the data denies any involvement in the breach and claims to have obtained it through undisclosed asset work related to law enforcement channels. The actual source of the data remains uncertain.
For additional context, CYBO CREW, an emerging threat group discovered in July 2023, has targeted organizations in the automobile, jewelry, insurance, and apparel sectors, conducting significant breaches. CyboDevil and UNIT8200 stand out as prominent affiliates within this group.
Emphasizing the unprecedented “magnitude” of this data breach, CloudSEK’s Sparsh Kulshrestha underscores the need for telecom service providers and the government to proactively identify and address potential security vulnerabilities, preventing such expansive attacks.
In response to the breach, users are advised to promptly change passwords, exercise caution against phishing attempts, monitor their accounts closely, and report any suspicious activities, particularly those linked to mobile numbers or Aadhaar, to safeguard their information. CloudSEK has responsibly informed affected parties and relevant authorities about the data breach.