Over 25 lakh Airtel subscribers' data allegedly leaked online, Airtel denies breach

Updated on 05-Feb-2021
HIGHLIGHTS

Hackers post details of over 2.5 million Airtel subscribers

Hackers claim to be in possession of all Airtel user data

Airtel denies reports of any data breach

Airtel is at the center of a massive data breach that left all of its user data vulnerable to potential theft. A hacker group going by the name of Red Rabbit Team has posted details of as many as 25 lakh (2.5 million) Airtel subscribers online as “sample data” and is looking to sell all subscriber data for $3,500 in bitcoins. The website where the sample data was posted was taken down earlier this week; however, the hacker group allegedly remains in possession of all Airtel subscribers' data.

https://twitter.com/rajaharia/status/1356511408884604934?ref_src=twsrc%5Etfw

The Airtel data breach came into the spotlight when Rajshekhar Rajaharia, a security researcher in India, posted a tweet with screenshots of the same sample data. Most details in these screenshots have been redacted, considering the sensitivity of the leaked data sets. The hacker group posted data points of over 25 lakh Airtel subscribers, including details like City, Gender, Full name, Date of birth, Service status, Phone number, House number, Aadhaar number, Passport, Voter ID, Father / Husband name and IMSI (International Mobile Subscriber Identity) number.

https://twitter.com/rajaharia/status/1356511459216220160?ref_src=twsrc%5Etfw

The sample data sets released contain details of Airtel users from regions such as Jammu and Kashmir, Punjab, Delhi, Maharashtra, Rajasthan, Karnataka and more. Rajshekhar also posted a video of a conversation between the hacker group and Airtel's Security Incident Response Team (SIRT) dating back to December 2020. This indicates that Airtel has been aware of a potential data breach for the past two months or so. The hackers were planning to extort the same amount from Airtel, but it did not seem to work out.

Rajshekhar also revealed that the hackers targeted one of Airtel's servers, where they uploaded a shell script, which is essentially a malicious file that gives the hackers control of a server. Through this technique, the hackers were able to gain access to Airtel's servers. Having said that, Airtel has outright denied any data breach on its servers.

“Airtel takes great pride in deploying various measures to safeguard the privacy of its customers. In this specific case, we confirm that there is no data breach at our end. In fact, the claims made by this group reveal glaring inaccuracies and a large proportion of the data records do not even belong to Airtel. We have already apprised the relevant authorities of the matter,” Airtel said in a statement to the media.

Another cybersecurity researcher, Avinash Jain, told The Economic Times that it is certain that data of Airtel users has leaked online. "Still cannot comment on what is the number, but on verification of the data posted by the hacking team, it is found to be true," Avinash added.

It remains to be seen whether Airtel launches a full-scale investigation into the alleged data breach or stands its ground denying the breach.


Digit NewsDesk
