BSNL Data Breach- Massive data worth 278GB leaked, risk of SIM cloning, financial fraud

Bharat Sanchar Nigam Limited (BSNL), the state-owned telecommunications giant, has been hit by a massive data breach. According to a Threat Intelligence Report by Athenian Tech, a cybercriminal known as "kiberphant0m" orchestrated this attack, compromising a vast amount of sensitive data and putting millions of users at risk.

bsnl data breach

Details of the Breach

The cyberattack resulted in the theft of critical data, including International Mobile Subscriber Identity (IMSI) numbers, SIM card information, Home Location Register (HLR) details, DP Card Data, and snapshots of BSNL's SOLARIS servers. In total, over 278GB of sensitive information was stolen. The hacker has claimed responsibility for the breach and provided samples to verify the data's authenticity.

bsnl data breach

What Data Was Compromised?

The compromised data includes:

  1. IMSI and SIM Details: Essential for the operation of SIM cards.

  2. HLR Details: Crucial for network operations and user authentication.

  3. DP Card Data (8GB) and DP Security Key Data (130GB): Key components of BSNL’s security infrastructure.

  4. SOLARIS Server Snapshots (140GB): Potentially exposing operational secrets.

bsnl data breach

Hacker's Offer

The stolen data has been priced at $5,000 (approximately Rs 4,17,000) by the hacker, with a special offer available only from May 30, 2024, to May 31, 2024. The high price underscores the data's significant value due to its sensitive nature and extensive scope.

bsnl data breach

Potential Risks and Implications

  1. SIM Cloning and Identity Theft: Attackers can create duplicate SIM cards with the same IMSI and authentication keys, intercepting messages and calls, accessing bank accounts, and committing fraud. This could lead to severe personal and financial losses.

  2. Privacy Violations: Personal information could be misused, leading to unauthorized access to communications and data breaches.

  3. Financial and Identity Theft: Fraudulent activities bypassing security measures on financial accounts can result in significant financial losses and identity theft.

  4. Phishing and Social Engineering: The stolen data can be used to craft convincing phishing schemes, exploiting users' trust in BSNL to steal personal information or money.

  5. Network Manipulation: Access to HLR details and server snapshots allows attackers to manipulate network settings or intercept data, potentially causing service disruptions and illegal surveillance.

  6. Infrastructure Exploitation: Knowledge of the infrastructure setup from server snapshots can be used to exploit vulnerabilities, inject malicious code, and cause operational failures or network shutdowns.

  7. Broader Impact: The breach not only threatens BSNL users but also poses risks to the company's operations and national security. Service outages, degraded performance, and unauthorized access to telecom operations are possible consequences. The exposure of sensitive data can undermine national security and infrastructure stability. Moreover, this incident sets a precedent for further attacks on critical infrastructure, potentially affecting other interconnected systems and networks.

​​​​​​​bsnl data breach

Recommended Actions for BSNL Users

Users should monitor their phones and bank accounts for any unusual activity and enable two-factor authentication (2FA) for additional security on all accounts.

Athenian Tech cybersecurity experts recommend that BSNL take immediate action to contain the breach, secure network endpoints, and audit access logs.

Enhancing security measures, conducting frequent security audits, and adopting advanced threat detection technologies are crucial steps BSNL must take.


BSNL Data Breach in December 2023

In December last year, a threat actor known as ‘Perell’ published a dataset comprising 32,000 lines of data on a dark web forum. This dataset exposed sensitive information about BSNL’s fibre and landline service users, including email addresses, billing information, contact numbers, mobile outage records, network specifics, completed orders, and customer profiles. The total number of data entries across all databases was claimed to be 2.9 million.

In the latest incident, the threat actor confirmed that the data being sold is unique and not connected to the previously sold datasets focused on user information.

With inputs from agencies

Image Source: Multiple agencies

© Copyright 2024. All Rights Reserved Powered by Vygr Media.