Bharat Sanchar Nigam Limited (BSNL) suffered a data breach as a threat actor claimed to have “critical information” related to the state-owned telecom operator's users.
The threat actor, using the alias "Perell", released a sample dataset on a dark web forum containing 32,000 lines of data, including sensitive details of BSNL's fibre and landline users. The threat actor claimed that the total number of lines across all databases amounts to 2.9 million. The dataset includes email addresses, billing details, contact numbers, and other sensitive data, as well as information about mobile outage records, network details, completed orders, and customer information.
According to a report in The Economic Times (ET), an official said, “This poses an imminent threat to the privacy and security of BSNL customers which is considered critical infrastructure. Cybersecurity watchdog CERT-In has been apprised of the attack.”
“The recent data breach at BSNL is deeply concerning. This incident has far-reaching implications for both BSNL and its users. The breach, involving sensitive information, not only compromises the privacy of the users but also places them at risk of identity theft, financial fraud, and targeted phishing attacks,” said Kanishk Gaur, founder of India Future Foundation, a think tank working on cybersecurity.
Saket Modi, co-founder and chief executive officer (CEO) of Safe Security, a cyber risk management startup, said, “The hacker claims the number of rows of data to be around 2.9 million, which indicates a high probability that it is a single website that may have been breached.”
He added that the data structure available on the dark web could be the result of exploiting an SQL (Structured Query Language) injection vulnerability, an attack vector that uses "malicious SQL code for backend database manipulation to access information that was not intended to be displayed".
He further said that the hacker claimed to have data from the Russian social media site noomera.ru, Cambodia Khmer citizen database, playthe.net, and lanichost.la.