Data of 750 million Indian mobile users stolen in alarming cybersecurity breach

The threat actor claims that the dataset covers approximately 85% of the Indian population, making it one of the most significant breaches of its kind. The compressed dataset, available for sale, amounts to 600GB, with the uncompressed version totalling 1.8TB. The threat actor is demanding $3,000 for the entire dataset.

Upon analysing the sample dataset, CloudSEK researchers identified that the leak affects major telecom providers, exposing individuals to potential financial losses, identity theft, reputational damage, and increased susceptibility to cyberattacks.

The threat actor, CyboDevil, has provided an elusive response regarding the acquisition of the datasets, denying any involvement in a breach and claiming to have obtained the data through undisclosed asset work within law enforcement channels.

Sparsh Kulshrestha, Threat Intelligence & Security Research at CloudSEK, emphasised the severity of the breach, stating, "The magnitude of this data leak cannot be overstated. With the personal information of 750 million individuals exposed, the potential for cyberattacks and identity theft is unprecedented."

The CYBOCREW group, active since July 2023, includes prominent threat actors CyboDevil and UNIT8200, both of whom joined the underground forum in June 2023. These actors have been linked to major breaches across various sectors.

Previous activities of the CYBOCREW group include claims of real-time access to Indian phone number KYC details in July 2023 and the sale of API access to the Indian vehicle database, boasting access to 815 million Aadhaar and passport records alongside the Indian Mobile Network Consumer Database.

As part of responsible disclosure, CloudSEK has informed relevant authorities and organisations potentially impacted by the breach. The compromised information poses risks such as financial fraud, social engineering tactics, identity theft, and targeted scam campaigns.