Hacker Claims to Sell 375 Million Airtel India Users’ Data | Airtel Denies the Breach

In addition to India’s rising scam call threat, Airtel India customers could be at an additional risk.

As per the latest information, personally identifiable information of more than 375 million Airtel India users has been allegedly leaked on the dark web.

 

The dataset is being sold through a popular data breach website called BreachForums.

According to the sample dataset provided on the website, the information set includes:

  • Mobile number
  • Name
  • Date of birth
  • Fatherโ€™s name
  • Local address
  • Permanent address
  • Alternative number
  • Email ID
  • Gender
  • Nationality
  • Connection type
  • Date of SIM activation
  • Aadhar number
  • Photo ID proof details
  • Address proof details

The data breach is claimed by a user called xenZen.

The dataset is available for $50,000 to be paid in XMR, a cryptocurrency known as Monero.

The info on the data leak was announced by a Twitter user who goes by the username @DarkWebInformer.

If the threat actorโ€™s claims are true, the data leak puts Airtel India customers at considerable risk, especially given that the Aadhar number (the unique identification system in India) has been leaked alongside other info, such as the date of birth.

The breach is reported to have happened in June 2024. xenZen, the threat actor responsible for the theft, also claimed the Indian Ministry of Affairs data breach. This breach consisted of information of over 200,000 users of the eMigrate portal.

Airtel India, however, has denied any such breach.

โ€œBasis preliminary investigation we can confirm that there has been no data breach whatsoever of Airtelโ€™s system,โ€ an Airtel spokesperson said.

They also questioned the authenticity of the hacker, highlighting that xenZen has not shown viable proof for the breach.

Update: Breachforums have removed xenZen’s post now.

Researchers at HackManac believe that this can be old data from a breach in 2019, in which 320 million customer records’ personal details, including names, phone numbers, email addresses, and Aadhaar card numbers,ย were exposed due to a system vulnerability.

Read More

Suggested Post