Another Big Data Breach? 2.5 Million User Data Up For Sale, Airtel Denies Hack

New Delhi: A group of hackers have put data of 2.5 million Bharti Airtel users on sale but the telecom operator has denied any breach from their end. The group of hackers were also trying to strike a deal with the telecom company and allegedly tried extorting $3500 in Bitcoins.

According to cyber experts, random check of data dump do belong to Airtel and the leaked data includes details of their Aadhaar number, address and the date of birth. A sample of the database was shared on Twitter by cyber security researcher Rajshekhar Rajaharia which shows masked details of the subscribers.

Rajaharia said that Airtel was aware of this alleged breach since the last three months as hacker posted all email conversations with them. Rajaharia also shared a video of an email conversation between Airtel and hacker with the name of Red Rabbit Team. The hacker email video shows that they informed Bharti Airtel about the breach in December and offered some deals.

The video shows reply of Airtel’s Security Team which said that it sought time to hear from seniors and asked for the next phase and requested to bring down the website till it gets back to the hacker for the next step.

“Hackers have claimed that they have access to pan-India data of Airtel subscribers and they only uploaded a sample of subscribers data from Jammu and Kashmir. It may be possible that the hacker may have uploaded a shell (malicious software code) in Airtel servers. During the covid-19 peak period several companies could not focus on security and their data was breached,” Rajaharia said.

According to Rajaharia, the hackers allegedly uploaded details of 2.5 million Airtel subscribers as a sample in January 2021 and tried to extort money from the company.

The website which hosted the leaked data is not accessible now. However, the archives pages showed that hackers claimed to have access to the Airtel database.

Bharti Airtel spokesperson denied any breach of the company’s servers. The company in their statement said, “Airtel takes great pride in deploying various measures to safeguard the privacy of its customers. In this specific case, we confirm that there is no data breach at our end. In fact, the claims made by this group reveal glaring inaccuracies and a large proportion of the data records do not even belong to Airtel. We have already apprised the relevant authorities of the matter.”

If there was no leak from the telecom company’s end, how did such huge data came to be in the possession of hackers? Why was Airtel engaged in conversation with hackers for long if the data does not belong to them? It also raises questions on who do telecom agencies share their data with and how their partners are keeping it safe. With such leaks becoming more frequent, cyber experts are raising questions over why was data of such nature not encrypted.