Cloud Defense Logo

Products

Solutions

Company

Book A Live Demo

Breach
2024
750 million Indian mobile subscribers’ info for sale on dark web

750 million Indian mobile subscribers’ info for sale on dark web

Table of Contents

Incident Details

CloudSEK, an Indian cybersecurity company, recently reported discovering information on the dark web related to 750 million Indian mobile network users. This data, which was being offered for sale by two criminal groups for $3,000, contained details such as names, phone numbers, addresses, and Aadhaar information. CloudSEK identified CyboDevil and UNIT8200, affiliates of CYBO CREW, as the sources of this 1.8TB database. According to CloudSEK, the threat actors claimed to have acquired the information through undisclosed methods within law enforcement networks, rather than from a breach at Indian telecom companies. The company's preliminary investigation revealed that this data breach impacted all major telecommunications providers in India. CloudSEK emphasized the serious risks posed by the leakage of Personally Identifiable Information (PII), including potential financial losses, identity theft, damage to reputation, and heightened vulnerability to cyber threats.

Incident

How Did the Breach Happen?

Two criminal groups, known as CYBO CREW associates CyboDevil and UNIT8200, caused a breach by selling a large amount of data consisting of personal details of 750 million Indian mobile network users on a hidden part of the internet. They asserted that the information was acquired through covert operations within law enforcement networks, as opposed to being leaked from Indian telecommunications companies.

What Data has been Compromised?

The data breach involves personal information such as names, phone numbers, addresses, and Aadhaar details of 750 million mobile network users in India.

Why Did the company's Security Measures Fail?

The specific cause of the company's security measures malfunctioning is not disclosed in the information given. Nevertheless, the security breach happened because two criminal groups were selling the collection of data belonging to Indian mobile subscribers on the dark web. This indicates a shortcoming in the company's implementation of sufficient security measures to safeguard the data from unauthorized parties accessing it.

What Immediate Impact Did the Breach Have on the company?

The exposure of the Personally Identifiable Information (PII) of 750 million subscribers of the mobile network in India presents a significant threat to both people and businesses. This situation has the potential to result in financial harm, identity theft, harm to reputation, and heightened vulnerability to cyber intrusions.

How could this have been prevented?

One way to avoid a similar security breach is by enhancing security protocols, like encrypting customer information, conducting routine security assessments and penetration testing, providing staff with training on data security, and enforcing strict access restrictions to prevent unauthorized data access.

What have we learned from this data breach?

The recent security incident underscores the critical need for strong security measures to safeguard sensitive customer data. It stresses the necessity for companies to give high importance to data security and implement preventive actions to stop unauthorized access and data breaches.

Summary of Coverage

CloudSEK, an Indian cybersecurity company, found an extensive collection of data on the dark web that compromised the personal details of 750 million subscribers of Indian mobile networks. This data, provided by two criminal groups, consists of personal information like names, phone numbers, addresses, and Aadhaar details. The exposure of this data presents a serious threat to both individuals and businesses, as it could result in financial harm, identity theft, harm to reputations, and heightened susceptibility to cyber assaults.

Is your System Free of Underlying Vulnerabilities?
Find Out Now