A massive database containing the information of roughly 750 million individuals in India was offered for sale on the dark web earlier this month, cybersecurity company CloudSEK reports.
The database, 1.8 terabytes in size, contains personal information such as names, mobile phone numbers, addresses, and Aadhaar details (the Aadhaar number is unique to an individual and serves for identification purposes).
The comprehensive Indian mobile network subscriber database, CloudSEK notes in a report shared with SecurityWeek, was advertised on an underground forum by a threat actor known as CyboDevil for $3,000.
CloudSEK’s analysis of a sample dataset shared by the threat actor revealed that the information impacts the subscribers of all major telecom providers in India. Given its size, the leak is estimated to affect 85% of the Indian population.
Roughly two weeks ago, a threat actor known as Unit8200 offered a similar dataset on Telegram. Both threat actors are known affiliates of the CyboCrew group, which has been active since July 2023 and has likely been involved in various data breaches.
According to CloudSEK, when asked about the source of the data, the threat actor denied obtaining the information via a data breach, saying that they acquired it “through undisclosed asset work within law enforcement channels”.
CloudSEK says it has informed the relevant authorities, as well as the organizations potentially impacted by the breach.
The leaked information could be used for identity theft, financial fraud, scams, and other types of malicious attacks.
“The magnitude of this data leak cannot be overstated. With the personal information of 750 million individuals exposed, the potential for cyberattacks and identity theft is unprecedented. Telecom service providers and the government must validate the data and identify the loophole. This breach underscores the critical need for organizations and individuals to prioritize cybersecurity measures and remain vigilant,” CloudSEK researcher Sparsh Kulshrestha said.