27.8 C

BSNL Data Breach Exposes Sensitive User Information: Dark Web Sale Raises Privacy Alarms

The state-owned telecommunications operator Bharat Sanchar Nigam Ltd (BSNL) is reported to have experienced a data breach, with a threat actor named ‘Perell’ claiming possession of “critical information” related to the company’s users, according to ET sources. The alleged breach involves the disclosure of a ‘sample dataset’ on a dark web forum, comprising sensitive details of BSNL’s fibre and landline users.

The dataset, consisting of about 32,000 lines, is claimed by the threat actor to represent a total of over 2.9 million lines across all databases. The compromised data includes email addresses, billing details, and contact numbers, as well as information on mobile outage records, network details, completed orders, and customer information.

All About BSNL Data Breach

The breach is considered a significant threat to the privacy and security of BSNL customers, identified as critical infrastructure, with concerns raised about potential consequences such as identity theft, financial fraud, and targeted phishing attacks. The sample dataset, reviewed by ET, reveals customer details such as their district. The Cybersecurity watchdog Cert-In has reportedly been informed about the incident.

image 657 BSNL Data Breach Exposes Sensitive User Information: Dark Web Sale Raises Privacy Alarms

Kanishk Gaur, a cybersecurity expert, expressed deep concern about the breach, emphasizing its far-reaching implications for both BSNL and its users. Saket Modi, CEO of Safe Security, suggested that the breach might be an individual act rather than the work of an organized cybercriminal group, citing indications from the hacker about the number of compromised data rows.

- Advertisement -TechnoSports-Ad
image 658 BSNL Data Breach Exposes Sensitive User Information: Dark Web Sale Raises Privacy Alarms

The available data structure on the dark web suggests a potential exploitation of a SQL (Structured Query Language) Injection vulnerability, a common attack vector for manipulating backend databases. Modi highlighted that the hacker claimed to possess data from other sources, including a Russian social media site, a Cambodia Khmer citizen database, and various domains.

Gaur stressed the importance of immediate and transparent actions by BSNL to address the breach, recommending continuous monitoring of the attack surface, robust cybersecurity frameworks, regular security audits, and employee training in cybersecurity awareness. This incident follows a data breach reported at the Taj Hotels Group less than a month ago.


Please enter your comment!
Please enter your name here

This site uses Akismet to reduce spam. Learn how your comment data is processed.




Related Stories

More from author

OnePlus Pad 2 Anticipated for Second Half of 2024 Debut, Reveals Insider Tip

OnePlus made a splash in the tablet space with the global launch of the OnePlus Pad in February. Less than a year after that...

AI-Focused M4 Chips: Coming to Macs Starting Late 2024

Mark Gurman at Bloomberg says Apple will start releasing its Mac lineup with M4 chips by the end of 2024. M4s that will be...

New Renders of Nothing Ear A and Ear Surface Online, Pricing Details Revealed

Nothing has confirmed the launch of Nothing Ear and Nothing Ear A on April 18, but before its official release, leaked renders of the...

Apple Vision Pro Headset Users Report Headaches, Neck Pain, and Black Eye Concerns

A recent article by MarketWatch has drawn attention to the struggles of some of Apple’s Vision Pro headset owners who encountered multiple health-related problems...