Hacker Stole ‘Airtel India’ Subscriber Data and Put Them up for Sale

By Bill Toulas / February 2, 2021

A hacker has planted a web shell on Airtel India’s network systems and managed to eventually access the database containing sensitive customer data. Probably after failing to sell access to the shell, the hacker proceeded by exfiltrating the data and is now selling them on hacker forums.

According to independent researcher Rajshekhar Rajaharia, who gave us the tip, the sample data alone contains 2.5 million records, including full names, telephone numbers, Aadhaar numbers, physical address, IMSI (international mobile subscriber identity) number, and more.

Scroll to the left
Scroll to the right

Interestingly, the server infiltrators seem to have warned Airtel about the breach, and even gave them advice on how to properly secure their systems. The hackers themselves posted some of the conversations they had with the firm’s agents, which is a very unusual thing.

Also, it is a clear indicator of a multi-level failure for Airtel. The breach took place over three months ago, and the firm had ample time to investigate the incident and send out notifications to the compromised subscribers. That was the least they could do, yet they failed at that too.

Airtel India is the second-largest provider of telecommunication services in the country, counting over 335 million subscribers. Thus, the 2.5 million records given out as a sample could be just a small percentage of what the hackers are holding. Considering the type of data that has been leaked this time, the affected individuals should be aware of scamming attempts, smishing attacks, and impersonation.

Because father names linked to each subscriber were leaked too, elder fraud is also a dire possibility. Thus, talk to your father and warn them about the risk of receiving calls that make all kinds of claims.

As the notorious data broker ‘ShinyHunters’ told Rajaharia during a chat they had recently, when companies in India refuse to take full responsibility for data incidents, that data is being leaked to the public as a response. The case with Airtel appears to be a classic example of that, although we don’t know the specifics.

Finally, we’re seeing yet another database holding sensitive information but not bothering to encrypt everything, so it’s all readable by anyone now. Not being able to ensure total security against all potential threats is understandable, but not doing everything to keep people’s data safe is unacceptable.

For a better user experience we recommend using a more modern browser. We support the latest version of the following browsers: For a better user experience we recommend using the latest version of the following browsers: Chrome, Edge, Firefox, Safari