1.8TB Indian Mobile Network Consumer Database of 750 Million Individuals Up for Sale by Threat Actors

CYBO CREW affiliates, CyboDevil and UNIT8200, offer a massive Indian Mobile Network Consumer Database for sale, exposing 750M individuals’ data.


BENGALURU: Researchers at cybersecurity firm CloudSEK have found that CYBO CREW affiliates CyboDevil and UNIT8200 have recently advertised a massive Indian Mobile Network Consumer Database for sale.

This extensive mobile network database contains sensitive details belonging to a staggering 750 million individuals. It includes critical information like names, mobile numbers, addresses, and Aadhaar details. The sheer size of this dataset, totaling 1.8 terabytes, presents an alarming threat to security.

The breach came to light on 23rd January 2024, when CloudSEK’s contextual AI digital risk platform XVigil detected a post by a threat actor known as CyboDevil on an underground forum. The post advertised the comprehensive Indian Mobile Network Consumer Database for sale. A similar offering had been made by another threat actor, UNIT8200, on 14th January 2024 via Telegram.

Post made by the threat actor in an Underground Forum

Comprehensive Data Coverage

According to the threat actor, this extensive dataset allegedly encompasses a staggering 85% of the Indian population, making it one of the largest breaches of its kind.

The data offered for sale is 600GB compressed and 1.8TB uncompressed, posing significant risks to both individuals and organizations. The threat actor has demanded $3,000 for the entire dataset.

Upon their initial analysis of the sample dataset shared by the threat actor, CloudSEK researchers have found that the leak affects all major telecom providers.

The leak of Personally Identifiable Information (PII) poses a huge risk to both individuals and organizations, potentially leading to financial losses, identity theft, reputational damage, and increased susceptibility to cyberattacks.

Data Acquisition by Threat Actor

Inquiries about acquiring these extensive datasets have yielded an elusive response from the threat actor. The actor has denied any involvement in a breach.

“The magnitude of this data leak cannot be overstated. With the personal information of 750 million individuals exposed, the potential for cyberattacks and identity theft is unprecedented. Telecom service providers and the government must validate the data and identify the loophole. This breach underscores the critical need for organizations and individuals to prioritize cybersecurity measures and remain vigilant,” said Sparsh Kulshrestha, Threat Intelligence & Security Research, CloudSEK.

Previous Threat Actor Activity

Members of the CYBOCREW group have previously claimed real-time access to Indian phone number KYC details, including government lookup capabilities, in July 2023.

The exact methods employed by the threat actor remain undisclosed. The CYBOCREW group has also been observed selling API access to the Indian vehicle database, boasting access to 815 million Aadhaar and passport records, alongside the Indian Mobile Network Consumer Database.

Threat Actor Activity and Rating

The CYBOCREW group, which became active in July 2023, includes prominent threat actors CyboDevil and UNIT8200, both of whom joined the underground forum in June 2023. These threat actors have been linked to major breaches targeting multiple organizations in the automobile, jewelry, insurance, and apparel sectors.

Known for their robust reputation and active presence in underground forums, these threat actors demonstrate sophisticated and persistent engagement.

As part of responsible disclosure, CloudSEK has informed the relevant authorities and organisations possibly impacted by the breach.

Impact & Mitigation

The compromised information poses various risks, including financial fraud, social engineering tactics, identity theft, and targeted scam campaigns. To mitigate these risks, it is essential for organizations to:

  • Implement advanced threat detection systems to identify and block suspicious activities.
  • Ensure compliance with data protection regulations to mitigate legal and financial repercussions associated with data breaches.
  • Conduct awareness programs to educate users about potential scams and phishing attempts, emphasizing vigilance in online interactions.

This breach highlights the urgency of addressing systemic weaknesses, collaborating with relevant authorities, and implementing robust cybersecurity measures to safeguard against unauthorized access and data breaches.

Written by Shashank Shekhar
