The Department of Telecom (DoT) has instructed telecom service operators to conduct a security audit of their systems in response to claims by cybersecurity firm CloudSEK that data on 750 million Indian subscribers has been leaked, according to a government official.
CloudSEK reported that hackers are selling a 1.8-terabyte database comprising details of 750 million Indian mobile consumers on the dark web. The alleged hacker has denied involvement in a breach and claimed to have obtained the data through undisclosed asset work within law enforcement channels, as per CloudSEK.
A senior government official said, “The DoT has asked telecom operators to get a security audit of their systems.” However, telecom operators have reportedly informally shared with the department that the leaked information in the CloudSEK report appears to be a compilation of old data sets of telecom subscribers and is not due to any vulnerability in their systems.
CloudSEK’s report highlighted that CYBO CREW affiliates CyboDevil and UNIT8200 had advertised a massive Indian Mobile Network Consumer Database for sale. The database reportedly contains sensitive details, including names, mobile numbers, addresses, and Aadhaar details of 750 million individuals. The leaked data, available for sale, poses significant risks such as financial losses, identity theft, reputational damage, and increased susceptibility to cyberattacks.
CloudSEK, in its responsible disclosure, informed relevant authorities and organizations possibly impacted by the breach. The cyber intelligence firm emphasized the need for validation of the data and identification of potential loopholes by telecom service providers and the government. The threat actor allegedly demanded USD 3,000 for the entire dataset, according to the report.
(With PTI inputs)