In total, hackers allegedly put out details of over 2.5 million Airtel users. However, they claimed to have details of all Airtel users in India and wanted to sell the data. The information was disclosed by Rajshekhar Rajaharia, an Internet security researcher. India Today Tech learns from him that the hackers even spoke with Airtel security teams and then attempted to blackmail the company and swindle $3500 in Bitcoin from it.
It appears, however, that the hackers failed, and they put the data up for sale on the web by setting up a website for it and showing a sample of the user details. This website is no longer available. India Today Tech learns that the data may not have been leaked from Airtel’s systems or servers. Instead, it could have been leaked from other sources, possibly government agencies, which get access to some of the telecom data for security purposes. This is likely to be why the leaked 25 lakh — 2.5 million — numbers belong to subscribers in the J&K region.
According to Rajaharia, the hackers allegedly uploaded details of 2.5 million Airtel subscribers as a sample in January 2021 and tried to “extort money” from the company. “Everything was posted on the web… not on the dark web,” he said.
Strange! @airtelindia already aware about this alleged breach since last 3 months. Hacker posted all email conversations with airtel too. They also posted POC video. What steps taken to remove and patch? I am also an Airtel Subscriber.🙁#InfoSec #DataLeak #GDPR #databreaches pic.twitter.com/Tdu9mMMIOW
— Rajshekhar Rajaharia (@rajaharia) February 2, 2021
He added that the sample data dump of 25 lakh Airtel subscribers belongs to one region, Jammu and Kashmir.
One of the purported emails seen in the POC video shows some visible lines from the hacker group to Airtel that read, “After few hours we will down our website and go for next phase. Not possible to trace us, dear, even on the clean net. Let you may consult your team that either they want to continue the cyber fight or finalise deal. We really do not want to harm your business and network, but your team is forcing to do this.”
To the above mail, the Airtel team responded, “Dear team, We are sharing what you have shared with our seniors to respond, please allow us some time to get back to you. Please confirm what is the next phase and if you can take this website down till we confirm on next steps.”
The above mail is from December 12, 2020, as per the researcher’s video shared with the India Today Tech team.
The next mail, dated December 31, 2020, sees the hacker group responding with another warning. “Still you have time, we can make deal and we will not sale your database to any hostile entity or others and will also patch vulnerabilities. After few hours, we will down our website and will go for the next phase….”
In the next few emails, the hackers pointed out that they had access to Airtel’s database and the network while the online security team kept buying more time.
The security researcher said that the website where the user data was hosted was taken down earlier on Tuesday. It is not clear why the hackers took down the website.