Thanks to Covid-19 pandemic-induced lockdown in early 2020, billions of people moved their work and studies to the virtual world. However, higher usage of digital service also attracts cybercriminals to prey on naive users to steal their personal data and even the hard-earned money.
Also, the companies, which offer digital services also have a big responsibility of scaling the security to prevent such activities. Now, the report has emerged that more than 2.5 million Airtel customers' details including phone numbers and Aadhaar details have been leaked online through a website.
Independent security expert Rajshekhar Rajaharia took to Twitter to reveal the sample data consisting of customers' Aadhaar IDs, address, dates of birth, names, and phone numbers.
A hacker team, which goes by the moniker 'The Red Rabbit' has got the details of Airtel customers of Chattisghar, Delhi, Jammu and Kashmir, Karnataka, Mumbai, Maharashtra, Punjab, Rajasthan, and other states.
The hacker group had demanded $3,500 (approx. Rs 2,55,294, based on the latest Rupee-USD exchange value) in Bitcoin cryptocurrency. Rajaharia also showed a phone screen recorder showing Airtel negotiating ransom terms set by The Red Rabbit team.
The data breach and the negotiation has been going on since December 2020. After the negotiations failed, the cybercriminal team dumped the compromised user-data on the dark net through their website.
Strange! @airtelindia already aware about this alleged breach since last 3 months. Hacker posted all email conversations with airtel too. They also posted POC video. What steps taken to remove and patch? I am also an Airtel Subscriber.🙁#InfoSec #DataLeak #GDPR #databreaches pic.twitter.com/Tdu9mMMIOW— Rajshekhar Rajaharia (@rajaharia) February 2, 2021
However, Airtel has denied any data breach in its server and added that it has flagged the report to relevant government authorities to conduct the cyber investigation.
"Airtel takes great pride in deploying various measures to safeguard the privacy of its customers. In this specific case, we confirm that there is no data breach at our end. In fact, the claims made by this group reveal glaring inaccuracies and a large proportion of the data records do not even belong to Airtel. We have already apprised the relevant authorities of the matter," Airtel Spokesperson said to DH.
As of now, the website which had put Airtel consumer details on sale has been taken down.
"All tech companies should start hiring in Cyber Security. They should regularly monitor their systems. And if any data breach happens they should accept it honestly. These days everyone is denying in India," Rajshekhar Rajaharia said to DH.
Last month, we saw more than 500 million Facebook IDs, and the corresponding phone number details were put on sale on Telegram messenger.