Airtel Data Breach

Article by Tsaaro

Airtel is at the center of a massive data breach that left all of its user data vulnerable to potential theft. A hacker group going by the name of Red Rabbit Team has posted details of as many as 25 lakh (2.5 million) Airtel subscribers online as “sample data”, including City, Gender, Full name, Date of birth, Service status, Phone number, House number, Aadhaar number, Passport, Voter ID, Father / Husband name and IMSI (International Mobile Subscriber Identity) number, and is looking to sell all subscriber data for $3,500 in bitcoins. The website where the sample data was posted was taken down earlier this week; however, the hacker group allegedly remains in possession of all Airtel subscribers’ data.

Airtel’s Data Protection Strategy

Airtel’s three-part data protection solution is designed to combat data breach risks on all fronts – the internet, email, instant messaging applications, and social media. Data loss prevention (DLP) is ensured through advanced leak detection capabilities which monitor the movement and protection of classified corporate data around the clock. Data classification aids the creation of leak-proof data security strategies and bolsters governance systems. It streamlines protection across the data lifecycle, whether in use, at rest, or in motion. Fingerprinting systems also improve user discovery and management on the enterprise network.

Privileged Access Management (PAM) as the rearguard fortifies authorized access to enterprise networks. It increases productivity through Privileged Session Management, reduces excessive privilege delegation, and eliminates credential sharing.

Bharti Airtel Gets Breached

The sample data sets released contain details of Airtel users from regions such as Jammu and Kashmir, Punjab, Delhi, Maharashtra, Rajasthan, Karnataka and more. A video of a conversation between the hacker group and Airtel’s Security Incident Response Team (SIRT), dating back to December 2020, indicates that Airtel was aware of a potential data breach for the past two months or so, as the hackers were planning to extort the same amount from Airtel.

Red Rabbit Team, in a message to PTI, claimed that it has access to pan-India data of Bharti Airtel through a web shell uploaded on the company’s server and will leak more data soon. The hackers targeted one of Airtel’s servers, where they uploaded a web shell: a malicious script or file that gives the attackers control of the server and lets them launch further attacks from the compromised web server. The data breach and the negotiations have been going on since December 2020. After the negotiations failed, the cybercriminal team dumped the compromised user data on the dark net through their website. However, the website which was used to upload the alleged Airtel data was hacked on 4 December 2020 by Mr Clay (TeamLeets – a Pakistani hacker group). This also indicates that the Pakistani hacker group TeamLeets may be behind this data leak.

During a POC of the incident, on reviewing the data and a sample of the phone numbers, it was verified that these were active subscribers of the telecom operator. On tallying these numbers with the respective names on Truecaller, a caller identification app, it was seen that the details (like the name of the subscriber and telecom provider) matched.

Conclusion

“Airtel takes great pride in deploying various measures to safeguard the privacy of its customers. In this specific case, we confirm that there is no data breach at our end. In fact, the claims made by this group reveal glaring inaccuracies and a large proportion of the data records do not even belong to Airtel. We have already apprised the relevant authorities of the matter,” Airtel said in a statement to the media.

Although Airtel has denied the claims of a hack or breach, it is strongly recommended that tech companies hire more cybersecurity specialists as we witness a paradigm shift to a virtual working environment. A sustainable network architecture along with regular monitoring of servers and timely updates to the operating system can help safeguard companies against such attacks.
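The server monitoring recommended above, applied to the web shell upload described earlier, can start with a file-integrity check on the web root: record a known-good manifest, then flag any server-executable file that is new or changed. This is an added example, not code from the article or from Airtel; the extension list, directory layout and file names are constructed assumptions.

```python
import hashlib
import os
import tempfile

# Extensions the web server may execute; adjust to the stack in use (assumption).
SCRIPT_EXTS = {".php", ".phtml", ".jsp", ".jspx", ".asp", ".aspx", ".cgi"}


def snapshot(web_root):
    """Map each file's path (relative, '/'-separated) to its SHA-256 digest."""
    manifest = {}
    for dirpath, _dirs, files in os.walk(web_root):
        for name in files:
            full = os.path.join(dirpath, name)
            rel = os.path.relpath(full, web_root).replace(os.sep, "/")
            with open(full, "rb") as f:
                manifest[rel] = hashlib.sha256(f.read()).hexdigest()
    return manifest


def audit(web_root, baseline):
    """Return (path, reason) for server-executable files that are new or changed."""
    findings = []
    for rel, digest in sorted(snapshot(web_root).items()):
        if os.path.splitext(rel)[1].lower() not in SCRIPT_EXTS:
            continue  # static content is out of scope for this check
        if rel not in baseline:
            findings.append((rel, "new"))
        elif baseline[rel] != digest:
            findings.append((rel, "modified"))
    return findings


def demo():
    """Constructed scenario: files change after a known-good baseline is taken."""
    def write(root, rel, text):
        with open(os.path.join(root, rel), "w") as f:
            f.write(text)
    with tempfile.TemporaryDirectory() as root:
        os.makedirs(os.path.join(root, "uploads"))
        write(root, "index.php", "<?php echo 'home'; ?>")
        baseline = snapshot(root)  # in practice: generated at deployment time
        write(root, "uploads/avatar.php", "<?php /* unexpected script */ ?>")
        write(root, "uploads/photo.jpg", "constructed image placeholder")
        write(root, "index.php", "<?php echo 'home'; /* altered */ ?>")
        return audit(root, baseline)

if __name__ == "__main__":
    print(demo())
```

A script that appears in an upload directory, or an application file whose digest no longer matches the deployment manifest, is the signal to investigate; store the baseline off the server so an intruder cannot rewrite it.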
