Department of Telecom Orders Security Audit Amid Claims of Massive Data Leak

The Department of Telecom (DoT) has directed telecom service operators to conduct a security audit of their systems following allegations from cybersecurity firm CloudSEK. The firm reported that a 1.8-terabyte database containing data of 750 million Indian subscribers is being sold on the dark web. The DoT’s move comes after CloudSEK claimed that the breach occurred through undisclosed asset work within law enforcement channels.

CloudSEK’s report highlighted that CYBO CREW affiliates CyboDevil and UNIT8200 are advertising the massive Indian Mobile Network Consumer Database for sale. The compromised dataset reportedly includes sensitive information such as names, mobile numbers, addresses, and Aadhaar details, posing a significant security threat.

Telecom operators, however, have informally communicated to the department that the leaked information appears to be a compilation of old data sets and is not a result of any vulnerability in their systems. CloudSEK, which collaborates with the government cybersecurity agency CERT-In, emphasized that the breach was discovered on January 23. As part of responsible disclosure, CloudSEK has informed relevant authorities and organizations possibly impacted by the breach.

The leaked Personally Identifiable Information (PII) presents substantial risks, including financial losses, identity theft, reputational damage, and increased susceptibility to cyberattacks. CloudSEK revealed that the threat actor is demanding USD 3,000 for the entire dataset, which is 600 GB compressed and 1.8 TB uncompressed.

Sparsh Kulshrestha, of Threat Intelligence and Security Research at CloudSEK, emphasized the unprecedented magnitude of the data leak, urging telecom service providers and the government to validate the data and identify the loophole. The provided sample has been verified, confirming the association of mobile numbers with major Indian telecom operators, along with valid Aadhaar numbers. Relevant government authorities and telecom operators have been promptly notified by CloudSEK.