Indian Telecom Users' Data on Sale on Dark Web: CloudSEK Report

India-based cybersecurity company CloudSEK has raised an alarm after discovering a sale of 1.8 terabytes of sensitive data on the dark web.

The compromised information, concerning telecom users in India, encompasses names, mobile numbers, addresses, and even Aadhaar details, posing a substantial threat to both individuals and organizations.

Telecom Industry Response

While telecom operators such as Jio, Airtel, and Vi have not officially addressed the situation, The Economic Times reports that they informed the Department of Telecommunications (DoT) that the leaked data consists of old datasets from various telecom subscribers.

These companies assert that the breach did not result from any technical vulnerabilities within their infrastructure. The Indian Computer Emergency Response Team (CERT-In) is reportedly monitoring the situation, awaiting an official statement.

Confirmation of Genuine Data

Sparsh Kulshreshta, Threat Intelligence and Security Researcher at CloudSEK, has verified the authenticity of the leaked data. The associated contact numbers and Aadhaar details are confirmed to be valid. The dark web listing offers information on over 750 million users for a mere $3000 (approximately ₹2,49,157).

This data, if exploited, can lead to targeted cyber attacks, identity theft, reputation damage, and financial fraud. Authorities are currently investigating the full extent of the data breach.

User Caution Advised

While official responses are pending, Indian telecom users are urged to exercise caution. CloudSEK recommends heightened awareness regarding spam text messages and emails. Individuals should refrain from clicking on suspicious links or attachments in their inboxes, as phishing attacks tend to surge following data breaches.

While preventing a data breach at an individual level may be challenging, adhering to general safety measures can help users shield themselves from potential harm.

Stay vigilant against unusual or unauthorized use of personal information. Regularly monitor financial accounts for any suspicious transactions. Be cautious of unsolicited communication and avoid sharing personal details with unknown sources. Enhance security by installing and regularly updating software on devices to protect against malware and phishing attempts. Stay proactive in safeguarding your digital identity.