- Hackers allegedly leaked data of 2.5 million Airtel subscribers.
- Airtel says the claims made by the hacker group have glaring inaccuracies.
- The websites that hosted the leaked numbers and details are no longer accessible.
Millions of Airtel numbers may have been part of a recent leak in which telephone numbers, along with personal details such as address, city, Aadhaar card number, and gender, were reportedly put up for sale on the web. India Today Tech has seen the details of the data dump and has verified that many of the numbers in it do belong to Airtel customers.
In total, hackers allegedly put out details of over 2.5 million Airtel users. However, they claimed that they had details of all Airtel users in India and that they wanted to sell the data.
The information has been revealed by Rajshekhar Rajaharia, an Internet security researcher. India Today Tech learns from him that the hackers even communicated with Airtel security teams and then tried to blackmail the company and extort $3500 in Bitcoins from it.
However, it seems that the hackers failed and, in frustration, put the data up for sale on the web by creating a website for it and showing a sample of the user details that they had.
This website is no longer available. India Today Tech learns that the data may not have been leaked from Airtel's systems or servers. Instead, it could have been leaked from other sources, possibly government agencies, which get access to some telecom data for security purposes. This is likely to be why the leaked 25 lakh (2.5 million) numbers belong to subscribers in the J&K region.
According to Rajaharia, the hackers allegedly uploaded details of 2.5 million Airtel subscribers as a sample in January 2021 and tried to "extort money" from the company. "Everything was posted on the web... not on the dark web," he said.
"Another Big Data Breach? A Hacker Group alleged uploaded "shell" in @airtelindia Server. Now selling all India Airtel subscribers data including Aadhaar Number. Posted 2.5 Million as sample data. (in Jan 2021) #InfoSec #DataLeak #GDPR #databreaches #dataprotection #DataPrivacyDay pic.twitter.com/uxWopfKU0M" - Rajshekhar Rajaharia (@rajaharia), February 2, 2021
He added that the sample data dump of 25 lakh Airtel subscribers belongs to one region, Jammu and Kashmir.
We independently verified some of the leaked numbers. We tallied these numbers with the respective names on Truecaller, a caller identification app, and could see that the details (like the name of the subscriber and telecom provider) matched.
Responding to the story, Airtel in a statement said, "Airtel takes great pride in deploying various measures to safeguard the privacy of its customers. In this specific case, we confirm that there is no data breach at our end. In fact, the claims made by this group reveal glaring inaccuracies and a large proportion of the data records do not even belong to Airtel. We have already apprised the relevant authorities of the matter."
India Today Tech also got access to a proof of concept video that shows a chat between the Red Rabbit team, the alleged hacker group holding the Airtel data, and Airtel's online security team.
In a thread of emails, one of the purported emails seen in the POC video shows some visible lines from the hacker group to Airtel that read, "After few hours we will down our website and go for next phase. Not possible to trace us, dear, even on the clean net. Let you may consult your team that either they want to continue the cyber fight or finalise deal. We really do not want to harm your business and network, but your team is forcing to do this."
To the above mail, the Airtel team responded, "Dear team, We are sharing what you have shared with our seniors to respond, please allow us some time to get back to you. Please confirm what is the next phase and if you can take this website down till we confirm on next steps."
The above mail is from December 12, 2020, as per the researcher's video shared with the India Today Tech team.
The next mail, dated December 31, 2020, sees the hacker group responding with another warning. "Still you have time, we can make deal and we will not sale your database to any hostile entity or others and will also patch vulnerabilities. After few hours, we will down our website and will go for next phase...."
In the next few mails, the hackers stressed that they had access to Airtel's database and the network while the online security team kept buying more time.
The security researcher said that the website where the user data was hosted was taken down earlier on Tuesday. It is not clear why the hackers took down the website.