Mumbai: Details of over 2.5 million Airtel subscribers were available on a hacker group’s website for about three months before it was taken down on Tuesday, cybersecurity researcher Rajshekhar Rajaharia flagged in a tweet, although the company denied that its data had been breached.
The website by a hacker group identifying itself as ‘Red Rabbit Team’ had details of Airtel customers — including names, dates of birth, phone numbers, addresses, and Aadhaar IDs. They were up for sale for bitcoin worth $3,500.
ET was able to review the data and also verify a sample of the phone numbers, which were found to be active subscribers of the telecom operator.
Independent researchers, including Rajaharia, were also able to verify that the data indeed belonged to Airtel subscribers. In fact, a user had flagged the leak on the company’s Facebook page on 31 December, cybersecurity researcher Avinash Jain told ET.
“In this specific case, we confirm that there is no data breach at our end,” an Airtel spokesperson said. “In fact, the claims made by this group reveal glaring inaccuracies and a large proportion of the data records do not even belong to Airtel. We have already apprised the relevant authorities of the matter.”
This is not the first instance when Airtel’s user data has been made vulnerable.
In 2019, an independent security researcher discovered a flaw in the Application Programming Interface of Airtel’s mobile app, which could have exposed the data of 300 million users. Airtel had then said it fixed the flaw immediately.
“It is certain that data has been leaked and it belongs to Airtel users,” Jain said. “Still cannot comment on what is the number, but on verification of the data posted by the hacking team, it is found to be true.”
In the latest instance, the data was leaked through what is known as a web ‘shell’ on Airtel’s database, according to the hacked website and confirmed by the cybersecurity researchers. A web shell is typically a malicious script or piece of code that gives hackers access to a compromised web server, which they can then use to launch attacks.
Rajaharia said regular monitoring of servers and timely updates to the operating system can help safeguard companies against such attacks.