Home News Airtel Data Leak: Close to 2.5 Mn Indian Users Likely Affected

Airtel Data Leak: Close to 2.5 Mn Indian Users Likely Affected

In a shocking revelation, cybercriminals have likely leaked the PII of nearly 2.5 million Indian users and posted it on the web for sale.

India, cybercriminals, Airtel, Bharti Airtel, Airtel data leak, data leak, data breach, Aadhar, Aadhar data leak, identity theft, India Today, India Today Tech, data on sale,

India has been tiptoeing on finalizing its Personal Data Protection (PDP) Bill for a long time now. A month ago, it made 89 amendments and added one new clause to this long-standing bill, which has been debated in the parliament since its introduction in 2019. However, this needs to speed up, now more than ever, for the bill to become an Act/law. We are saying this because cybercriminals are polishing their ways of getting away, and the end-users are suffering, which is quite evident from the latest instance where a likely data leak has hit Indian telco giant Airtel, exposing the personally identifiable (PII) of millions of users. If this were to happen in the EU, the said company would face steep fines, as per the GDPR.

Airtel Data Leak

According to a report from a national publication house, India Today, nearly 2.5 million (25 lakh) subscribers of Airtel (registered under Bharti Airtel Ltd.) have likely fallen prey to a data leak that included their PII data. Airtel is India’s largest telecom service provider. Security researcher Rajshekhar Rajaharia made the discovery of this alleged data leak public through a tweet.

Reports suggest that the leaked information included the following:

  • Telephone number
  • Address
  • City
  • Aadhaar card number
  • Gender details

Related News:

Zhenhua Data Leak: Is China Spying and Collecting Data on Indians?

Was Airtel Aware?

Rajaharia shared another tweet where he revealed that Airtel’s security teams knew about the alleged leak and were in constant contact with the cybercriminals going by the name “Red Rabbit Team.”

According to the email trail presented in the video, the cybercriminals first reached out to the Airtel security team on December 12, 2020. They asked for a payout of $3,500 worth of Bitcoins in exchange for the leaked data. However, Airtel’s security team kept pushing them to allow extra time for negotiation. Eventually, out of infuriation, the Red Rabbit team posted the leaked data on the open web, which included a sample data set of 2.5 million subscribers as proof.

Rajaharia noted that the website containing the sample data set was taken down a few days ago and contained data majorly of Airtel’s subscribers in the Jammu and Kashmir region. However, if the leaked data was just a subset of the original data set, it could well mean that this is one of the biggest data leaks in India because Airtel has a subscriber base of nearly 327 million in the country.

An Earlier Instance

Around a year or two back, Airtel had accepted a security flaw in its mobile app’s API that allowed potential threat actors to fetch sensitive user information of any Airtel subscriber. Although Airtel quoted,  “We’ve fixed it,” could this have led to the current data leak situation?

Related News:

Airtel Accepts Security Flaw, Says, “We’ve Fixed it”