Date: 2024-01-25

Researchers at cybersecurity firm CloudSEK have announced that global threat actors recently advertised a massive Indian mobile network consumer database for sale. The database contains sensitive details belonging to a staggering 750 million individuals.

It supposedly includes critical information like names, mobile numbers, addresses, and Aadhaar details. The sheer size of this dataset, totalling 1.8 terabytes, presents an alarming threat to security, according to CloudSEK.

The leak of Personally Identifiable Information (PII) poses a huge risk to both individuals and organizations, potentially leading to financial losses, identity theft, reputational damage, and increased susceptibility to cyberattacks.

The discovery of this breach came to light when CloudSEK's contextual AI digital risk platform XVigil detected a post by a threat actor known as CyboDevil on an underground forum.

According to a claim by the threat actor, this extensive dataset allegedly encompasses a staggering 85% of the Indian population, making it one of the largest breaches of its kind. Upon their initial analysis of the sample dataset shared by the threat actor, CloudSEK researchers have found that the leak affects all major telecom providers. CloudSEK says it has informed the relevant authorities and organisations possibly impacted by the breach, as part of responsible disclosure.

According to CloudSEK, inquiries about acquiring these extensive datasets have yielded an elusive response from the threat actor. The actor has denied any involvement in a breach and has claimed to have obtained the data through undisclosed asset work within law enforcement channels.

"The magnitude of this data leak cannot be overstated. With the personal information of 750 million individuals exposed, the potential for cyberattacks and identity theft is unprecedented. Telecom service providers and the government must validate the data and identify the loophole. This breach underscores the critical need for organisations and individuals to prioritise cybersecurity measures and remain vigilant," said Sparsh Kulshrestha, Threat Intelligence & Security Research, CloudSEK.

Members of the same group of threat actors, the CYBOCREW group, previously claimed real-time access to Indian phone number KYC details, including government lookup capabilities, in July 2023.

While the exact methods employed remain undisclosed, these claims may suggest potential vulnerabilities within government databases or telecommunication systems. The CYBOCREW group has also been observed selling API access to the Indian vehicle database, boasting access to 815 million Aadhaar and passport records, alongside the Indian Mobile Network Consumer Database.

The CYBOCREW group, which became active in July 2023, includes prominent threat actors CyboDevil and UNIT8200, both of whom joined the underground forum in June 2023. These threat actors have been linked to major breaches targeting multiple organizations in the automobile, jewellery, insurance, and apparel sectors.

According to CloudSEK, the compromised information poses various risks, including financial fraud, social engineering tactics, identity theft, and targeted scam campaigns. To mitigate these risks, it is essential for organizations to: