BSNL: Sensitive user info hawked on dark web post BSNL data breach

The threat actor using the alias ‘Perell’ has disclosed a “sample dataset” on a dark web forum, including sensitive details of fibre and landline users of BSNL. The dataset contains about 32,000 lines of data and the threat actor claimed that the total number of lines across all databases amounts to approximately over 2.9 million.

The compromised data include email addresses, billing details, contact numbers, and other sensitive data besides information about mobile outage records, network details, completed orders, and customer information, a person aware of the development told ET.

“This poses an imminent threat to the privacy and security of BSNL customers which is considered critical infrastructure,” the person said.

ET has reviewed the sample data set and found details like a customer’s district being mentioned.

Discover the stories of your interest

Cybersecurity watchdog Cert-In has been apprised of the attack, the person quoted above said.

Also read | Over 1 lakh cyber security incidents in govt organisations this year

Queries sent to BSNL and Cert-In remained unanswered as of press time Thursday.

“The recent data breach at BSNL is deeply concerning,” said Kanishk Gaur, cyber security expert and founder of India Future Foundation, a think tank working on internet safety and cybersecurity. “This incident has far-reaching implications for both BSNL and its users. The breach, involving sensitive information not only compromises the privacy of the users but also places them at risk of identity theft, financial fraud, and targeted phishing attacks,” he told ET.

Saket Modi, cofounder and CEO of Safe Security, a cyber risk management startup, said the hack seems to have been carried out by an individual rather than an organised cybercriminal group.

“The hacker claims that the number of rows of data to be around 2.9 million, which indicates a high probability that it is a single website that may have been breached,” Modi told ET. “Additionally, the sample data structure available on the dark web points to possible exploitation of a SQL (Structured Query Language) Injection vulnerability.”

SQL injection, also known as SQLI, is a common attack vector that uses malicious SQL code for backend database manipulation to access information that was not intended to be displayed. This information may include any number of items, including sensitive company data, user lists, and private customer details.

Modi pointed out that the hacker in the same thread also said he has data from Russian social media site noomera.ru, Cambodia Khmer citizen database, playthe.net, and lanichost.la.

Gaur said it was imperative for BSNL to take immediate and transparent steps to address this breach. “I recommend that BSNL continuously monitors its attack surface, conducts thorough cyber incident responses, and builds a defence-in-depth framework to safeguard its assets from further attacks,” he said.

The development comes less than a month after ET had reported that Tata-owned Taj Hotels Group had an alleged data breach done by a threat actor who claimed that he had breached 1.5 million customer data.

Gaur said BSNL must adopt a series of best practices that include implementing robust cybersecurity frameworks, conducting regular security audits, and ensuring all systems are updated with the latest security patches.

“Employee training in cybersecurity awareness is also crucial, as human error often plays a significant role in such breaches,” he said. “Additionally, BSNL should establish a swift incident response mechanism to effectively deal with future cybersecurity threats.”

The threat actor using the alias ‘Perell’ has disclosed a “sample dataset” on a dark web forum, including sensitive details of fibre and landline users of BSNL. The dataset contains about 32,000 lines of data and the threat actor claimed that the total number of lines across all databases amounts to approximately over 2.9 million.

The compromised data include email addresses, billing details, contact numbers, and other sensitive data besides information about mobile outage records, network details, completed orders, and customer information, a person aware of the development told ET.

“This poses an imminent threat to the privacy and security of BSNL customers which is considered critical infrastructure,” the person said.

ETtech

ET has reviewed the sample data set and found details like a customer’s district being mentioned.

Discover the stories of your interest

Cybersecurity watchdog Cert-In has been apprised of the attack, the person quoted above said.

Also read | Over 1 lakh cyber security incidents in govt organisations this year

Queries sent to BSNL and Cert-In remained unanswered as of press time Thursday.

“The recent data breach at BSNL is deeply concerning,” said Kanishk Gaur, cyber security expert and founder of India Future Foundation, a think tank working on internet safety and cybersecurity. “This incident has far-reaching implications for both BSNL and its users. The breach, involving sensitive information not only compromises the privacy of the users but also places them at risk of identity theft, financial fraud, and targeted phishing attacks,” he told ET.

Saket Modi, cofounder and CEO of Safe Security, a cyber risk management startup, said the hack seems to have been carried out by an individual rather than an organised cybercriminal group.

“The hacker claims that the number of rows of data to be around 2.9 million, which indicates a high probability that it is a single website that may have been breached,” Modi told ET. “Additionally, the sample data structure available on the dark web points to possible exploitation of a SQL (Structured Query Language) Injection vulnerability.”

SQL injection, also known as SQLI, is a common attack vector that uses malicious SQL code for backend database manipulation to access information that was not intended to be displayed. This information may include any number of items, including sensitive company data, user lists, and private customer details.

Modi pointed out that the hacker in the same thread also said he has data from Russian social media site noomera.ru, Cambodia Khmer citizen database, playthe.net, and lanichost.la.

Gaur said it was imperative for BSNL to take immediate and transparent steps to address this breach. “I recommend that BSNL continuously monitors its attack surface, conducts thorough cyber incident responses, and builds a defence-in-depth framework to safeguard its assets from further attacks,” he said.

The development comes less than a month after ET had reported that Tata-owned Taj Hotels Group had an alleged data breach done by a threat actor who claimed that he had breached 1.5 million customer data.

Gaur said BSNL must adopt a series of best practices that include implementing robust cybersecurity frameworks, conducting regular security audits, and ensuring all systems are updated with the latest security patches.

“Employee training in cybersecurity awareness is also crucial, as human error often plays a significant role in such breaches,” he said. “Additionally, BSNL should establish a swift incident response mechanism to effectively deal with future cybersecurity threats.”