Personal data of at least 26 lakh Airtel users – nearly all belonging to Indian-administered Kashmir – have been hacked and are being sold for $3500 in Bitcoin on the web, reports said on Tuesday.
The data of Airtel customers contain telephone numbers, addresses, Aadhaar numbers and other details, according to the screenshots and a video.
Independent cyber security researcher Rajshekhar Rajaharia, who shared the screen shots, said the hacker had access to the data and wanted to sell them, but could not succeed. “Hence the hackers dumped the data on the internet,” he claimed, adding the data may also have been leaked from any third-party source and not the mobile phone company Airtel.
According to Rajaharia, the hacker who goes by the name of Red Rabbit Team, uploaded the details of Airtel users in January and aimed to “extort money” from the telecom giant.
Airtel said in a statement that it “takes great pride in deploying various measures to safeguard the privacy of its customers”.
“In this specific case, we confirm that there is no data breach at our end. In fact, the claims made by this group reveal glaring inaccuracies and a large proportion of the data records do not even belong to Airtel. We have already apprised the relevant authorities about the matter,” the company said.
Rajaharia said the hacker had deleted the data dump in the previous web link but the same data are now available in another link.
“The hacker had dumped the data on the public forum and not on the Dark Web,” said the researcher, who had recently exposed several hackers who compromised the data of Indian firms such as BuyUCoin and JusPay, among others.
Earlier, data of over two crore Bigbasket users were hacked in November last year and were on sale on the Dark Web for over $40,000 – which is reported to be the handiwork of another hacker who goes by the name of ShinyHunters.