A leading cybersecurity firm has uncovered a colossal security breach compromising the personal information of a staggering 750 million individuals in India.
The breach, disclosed recently, is one of the largest in recent times, with a 1.8 terabyte database containing crucial details such as names, mobile numbers, addresses, and Aadhaar information.
The exposed dataset, covering approximately 85% of the Indian population, is compressed to 600GB and expands to a colossal 1.8TB when uncompressed.
Notably, the hackers are demanding $3,000 for the entire dataset.
The breach came to light when CloudSEK’s AI digital risk platform, XVigil, flagged an underground forum post by threat actor CyboDevil, advertising the Indian mobile network consumer database.
UNIT8200 had earlier promoted a similar dataset on Telegram on January 14.
CloudSEK’s initial analysis unveiled that major telecom providers were affected, posing significant risks of financial losses, identity theft, reputational damage, and increased susceptibility to cyberattacks.
The threat actors, identified as members of the CYBOCREW group, have boasted about their prior access to real-time Indian phone number and KYC details, and have been observed selling API access to the Indian vehicle database.
The breach underscores potential vulnerabilities within government databases or telecommunication systems.
CloudSEK has promptly notified relevant authorities and organisations at risk.
In response, individuals and entities are urged to implement advanced threat detection systems, ensure compliance with data protection regulations, and conduct awareness programmes to thwart potential scams and phishing attempts.
This incident serves as a stark reminder of the persistent threats in the digital landscape, emphasising the need for a collective effort to fortify cybersecurity defences and safeguard sensitive information.