Cybersecurity researcher Rajshekhar Rajaharia thinks the hackers gained access to Airtel’s customer database using the company’s Subscriber Details Record (SDR) portal and that there are signs of a Pakistani hacker group being behind the attack.

Hackers published what they claim is the personal information of 2.5 million Airtel subscribers from Jammu & Kashmir on a public website, according to independent cybersecurity researcher Rajshekhar Rajaharia. The data included full names, mobile phone numbers, dates of birth, addresses, and Aadhaar IDs.

On 3 February 2021, the day after Rajaharia’s revelation, Airtel rejected the finding, saying that there was no data breach from the company’s end and that the data released by the hacker group showed “glaring inaccuracies”.

The hacker group Red Rabbit initially claimed that it was able to upload a ‘shell’ to the Airtel server, granting it remote control of a machine.

Rajaharia, though, thinks the data is more likely to have come from Airtel’s Subscriber Details Record (SDR) portal. Telecom companies grant government law enforcement agencies access to their SDR portals for surveillance and criminal investigation purposes. He said he viewed an email conversation between Red Rabbit and Airtel’s security team, in which the latter requested the hackers to take down the website hosting the leaked data till the company was able to investigate the breach.

Rajaharia was also able to independently verify some of the data by matching numbers from the compromised database with those presented by the Truecaller app or on the Aadhaar portal.

A Pakistani connection?

Rajaharia said that Airtel was able to have the website hosting the leaked data taken down, but the hackers responded by hosting the database again on five different websites.
The hacker group also shared a Telegram ID with major Indian media outlets to prove that the hack was authentic.

Furthermore, the hackers isolated the information of army personnel in Jammu & Kashmir and posted that database on a public website as well.

Rajaharia pointed out that the website that hosted the stolen data, livefibre.in, was a GoDaddy domain that was hacked by ‘Mr. Clay’, belonging to the hacker group TeamLeets, on 4 December 2020. TeamLeets, the researcher said, is one of Pakistan’s biggest hacker groups.

“Red Rabbit posted the stolen database on a website hacked by TeamLeets, and that can only be possible if Red Rabbit is either TeamLeets or belongs to the hacker group,” said Rajaharia. “The fact that Jammu & Kashmir was targeted—and specifically army personnel stationed in the state—points to a Pakistani connection,” he added.

The Facebook page of the hacker group TeamLeets says: “Our target is to break the security—We are Pakistani Leets.”