Airtel is at the center of a massive alleged data breach that left all of its user data vulnerable to potential theft. A hacker group going by the name of Red Rabbit Team has posted details of as many as 25 lakh (2.5 million) Airtel subscribers online as “sample data”, including fields such as city, gender, full name, date of birth, service status, phone number, house number, Aadhaar number, passport, voter ID, father’s/husband’s name and IMSI (International Mobile Subscriber Identity) number, and is looking to sell all subscriber data for $3,500 in bitcoin. The website where the sample data was posted was taken down earlier this week; however, the hacker group allegedly remains in possession of all Airtel subscriber data.
Airtel’s Data Protection Strategy
Airtel’s three-part data protection solution is designed to combat data breach risks on all fronts – the internet, email, instant messaging applications, and social media. Data loss prevention (DLP) is ensured through advanced leak detection capabilities which monitor the movement and protection of classified corporate data around the clock. Data classification aids the creation of leak-proof data security strategies and bolsters governance systems. It streamlines protection across the data lifecycle, whether data is in use, at rest, or in motion. Fingerprinting systems also improve user discovery and management on the enterprise network.
Privileged Access Management (PAM) as the rearguard fortifies authorized access to enterprise networks. It increases productivity through Privileged Session Management, reduces excessive privilege delegation, and eliminates credential sharing.
Bharti Airtel Gets Breached
The sample data sets released contain details of Airtel users from regions such as Jammu and Kashmir, Punjab, Delhi, Maharashtra, Rajasthan, Karnataka and more. A video of a conversation between the hacker group and Airtel’s Security Incident Response Team (SIRT), dating back to December 2020, indicates that Airtel was aware of a potential data breach for the past two months or so, as the hackers were planning to extort the same amount from Airtel.
Red Rabbit Team, in a message to PTI, claimed that it has access to pan-India data of Bharti Airtel through a web shell uploaded on the company’s server and will leak more data soon. The hackers targeted one of Airtel’s servers and uploaded a shell script: essentially malicious code or a file that gives the attackers control of the server and lets them launch further attacks from the compromised web server. The data breach and the negotiations have been going on since December 2020. After the negotiations failed, the cybercriminal team dumped the compromised user data on the dark net through their website. However, the website which was used to upload the alleged Airtel data was hacked on 4 December 2020 by Mr Clay (TeamLeets – a Pakistani hacker group). This also indicates that the Pakistani hacker group TeamLeets may be behind this data leak.
During a POC of the incident, a sample of the leaked phone numbers was reviewed and verified to belong to active subscribers of the telecom operator. On tallying these numbers with the respective names on Truecaller, a caller identification app, the details (such as the name of the subscriber and the telecom provider) were seen to match.
“Airtel takes great pride in deploying various measures to safeguard the privacy of its customers. In this specific case, we confirm that there is no data breach at our end. In fact, the claims made by this group reveal glaring inaccuracies and a large proportion of the data records do not even belong to Airtel. We have already apprised the relevant authorities of the matter,” Airtel said in a statement to the media.
Although Airtel has denied the claims of a hack or breach, it is strongly recommended that tech companies hire more cybersecurity specialists as we witness a paradigm shift to a virtual working environment. A sustainable network architecture along with regular monitoring of servers and timely updates to the operating system can help safeguard companies against such attacks.
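As an added illustration of the “regular monitoring of servers” recommended above (example code written for this article, not Airtel’s tooling), the following Python triage scan walks a web root for recently modified script files whose content matches several indicators typical of uploaded web shells. The web-root layout, file names and indicator strings are constructed for the demo.

```python
# Added example (not from the article): web-shell triage scan of a web root.
import os
import re
import tempfile
import time

# Heuristic indicators commonly seen in PHP web shells: code-execution
# functions, request-controlled input and base64-decoded payloads.
SUSPICIOUS_PATTERNS = [
    re.compile(r"\b(eval|assert|system|shell_exec|passthru|popen|proc_open)\s*\(", re.I),
    re.compile(r"\$_(GET|POST|REQUEST|COOKIE)\s*\[", re.I),
    re.compile(r"base64_decode\s*\(", re.I),
]
SCRIPT_EXTENSIONS = {".php", ".phtml", ".php5", ".jsp", ".asp", ".aspx"}

def score_file(path):
    """Return how many distinct indicator patterns the file matches (0 if unreadable)."""
    try:
        with open(path, "r", encoding="utf-8", errors="ignore") as fh:
            text = fh.read()
    except OSError:
        return 0
    return sum(1 for p in SUSPICIOUS_PATTERNS if p.search(text))

def scan_webroot(root, max_age_hours=72, min_score=2):
    """List (relative path, score) for recently modified script files at or above min_score."""
    cutoff = time.time() - max_age_hours * 3600
    hits = []
    for dirpath, _, files in os.walk(root):
        for name in files:
            path = os.path.join(dirpath, name)
            if os.path.splitext(name)[1].lower() not in SCRIPT_EXTENSIONS:
                continue  # static assets are out of scope for this scan
            if os.path.getmtime(path) < cutoff:
                continue  # unchanged before the review window
            score = score_file(path)
            if score >= min_score:
                hits.append((os.path.relpath(path, root), score))
    return sorted(hits)

def demo():
    """Constructed sample web root: one benign page, one upload carrying shell-like markers."""
    root = tempfile.mkdtemp()
    os.makedirs(os.path.join(root, "uploads"))
    with open(os.path.join(root, "index.php"), "w") as fh:
        fh.write("<?php echo 'hello'; ?>")
    with open(os.path.join(root, "uploads", "img.php"), "w") as fh:
        fh.write("<?php // constructed marker: eval( base64_decode( $_POST[ ... ] ) )")
    return scan_webroot(root)

if __name__ == "__main__":
    print(demo())  # → [('uploads/img.php', 3)]
```

Content heuristics like these are a triage aid, not proof: obfuscated shells evade them and legitimate admin tools trigger them, so hits should be confirmed against deployment records and web-server access logs for the file in question.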