Bharti Airtel Denies Customer Data Was Breached
Researcher Claims Data of 2.5 Million Subscribers Had Been Offered for Sale
Bharti Airtel, one of the largest telecommunications firms in India, is refuting claims by an independent security researcher that subscriber data was breached and offered for sale by hackers.
Cybersecurity researcher Rajshekhar Rajaharia, who posted on Twitter what he said were some of the masked details of the leaked database, says he determined that the data of 2.5 million Bharti Airtel subscribers had been compromised and posted for sale. The data includes names, dates of birth, government-issued Aadhaar ID numbers, physical addresses and IMSI cellphone subscriber ID numbers.
At one point, the stolen data was advertised for sale on a public website registered in Uttar Pradesh, India, which has since closed, Rajaharia says. A threat actor called "Red Rabbit Team" put the entire database up for sale for $3,500 in bitcoin, he adds.
Another Big Data Breach? A Hacker Group alleged uploaded "shell" in @airtelindia Server. Now selling all India Airtel subscribers data including Aadhaar Number. Posted 2.5 Million as sample data. (in Jan 2021) #InfoSec #DataLeak #GDPR #databreaches #dataprotection #DataPrivacyDay pic.twitter.com/uxWopfKU0M
— Rajshekhar Rajaharia (@rajaharia) February 2, 2021
Rajaharia says the website that hosted the database was active until Tuesday. He says the hackers apparently took down the domain after he wrote about it. But he says he captured images of some of the data posted.
A spokesperson for Bharti Airtel, however, tells Information Security Media Group that the company's data has not been breached.
"In this specific case, we confirm that there is no data breach at our end. In fact, the claims made by this group reveal glaring inaccuracies and a large proportion of the data records do not even belong to Airtel," the spokesperson says. "We have already apprised the relevant authorities of the matter."
Rajaharia also posted a video on Twitter that he says shows online and email conversations between the Bharti Airtel security team and the Red Rabbit Team hackers negotiating over the data.
The data belonging to Bharti Airtel was offered for sale for almost two months and was available on an open forum where anyone with an internet connection could have accessed it, Rajaharia says.
The researcher says these types of data leaks are becoming more common throughout India, especially in the wake of the COVID-19 pandemic and workers moving to remote offices. He argues that India needs stricter privacy and data disclosure laws.
Over the last few months, several large Indian organizations have been affected by data breaches.
In January, JusPay, an online payment platform, acknowledged that it sustained a breach of customer data in August 2020. That announcement came a day after Rajaharia reported that the data of millions of JusPay customers had been offered for sale on a darknet forum (see: Indian Payment Platform JusPay Breached).
In December 2020, researchers found 2 GB of personally identifiable information, including names, email addresses, contact details, and the Permanent Account Numbers of 7 million debit and credit cardholders in India circulating on darknet forums (see: Personal Details of 7 Million Indian Cardholders Exposed).
And in October 2020, a security researcher disclosed that an unsecured Amazon Web Services S3 bucket potentially exposed 50 GB of patient data belonging to Dr Lal PathLabs (see: Unsecured AWS Database Left Patient Data Exposed).