Cybercriminals have put up for sale on a popular hacker forum a massive set comprising records of 750 million people from India, customers of several telecom service providers in the country.
The seller, a member of the so-called ‘Cybo Crew’ claimed to hold 1.8 terabytes of data containing full names, mobile numbers, physical addresses, and Aadhaar information on what is roughly 85% of the entire Indian population.
The breach was discovered by CloudSEK, a Singapore-based cyber-intelligence firm with a strong presence in India too, and the ability to scrutinize datasets and determine their authenticity. CloudSEK says the Cybo Crew advertised the data first on Telegram, on January 14, and followed with a post on BreachForums on January 23, 2024.
CloudSEK
Personally identifiable information combined with contact details and Aadhaar numbers could be used in phishing, scamming, and identity theft attacks against the exposed subscribers, or used in combination with other breaches to create detailed profiles.
The data was offered for sale at a cost of $3,000, but it is unclear if anyone bought it. The user who posted data samples on BreachForums has since deleted the thread, which is a typical move following a successful exchange.
CloudSEK has told RestorePrivacy that its analysts examined the leaked sample and verified that the data is authentic. Specifically, the company validated both phone numbers and Aadhaar numbers, finding matches.
The firm says it has notified the relevant government authorities in India as well as the impacted telecom service providers whose customer data was exposed. It remains ambiguous how ‘Cybo Crew’ succeeded in amassing that data, as it likely does not originate from a single breach.
“The magnitude of this data leak cannot be overstated. With the personal information of 750 million individuals exposed, the potential for cyberattacks and identity theft is unprecedented. Telecom service providers and the government must validate the data and identify the loophole. This breach underscores the critical need for organizations and individuals to prioritize cybersecurity measures and remain vigilant.”
Sparsh Kulshrestha, CloudSEK threat researcher
CloudSEK says this is not the first time ‘Cybo Crew’ makes bold claims regarding large-scale breaches. Since its formation in June 2023, members of the group have been linked to cyberattacks targeting companies in the automobile, jewelry, insurance, and apparel sectors, with many of those confirming data breaches.