Two of the most notorious threat actor groups, CYBO CREW and UNIT8200, are allegedly selling 1.8TB worth of databases that contain the personal information of over 750 million Indian citizens.
Researchers globally have identified this data breach as the largest ever of its kind, raising concerns about privacy, identity theft, and cybercrime.
Based on reports, the database being sold could expose the names, mobile numbers, addresses, and Aadhaar card numbers – unique 12-digit identification codes – of approximately half of India’s 1.4 billion population. Moreover, the compromised database, now compressed to 600GB, poses a significant threat to mobile network subscribers in multiple countries.
Separate investigations also noted that prominent telecommunication providers suffered from the breach, with Indian users facing heightened risks due to the exposure of their Aadhaar identification numbers.
This sensitive information could allow malicious individuals to commit identity theft, financial fraud, and other cybercrimes. Researchers also emphasised the scope of the breach, prompting telecom service providers and the government to identify and address the security vulnerabilities immediately.
CYBO CREW and its affiliates offered the allegedly stolen database on several platforms.
According to reports, CYBO CREW affiliates CyboDevil and UNIT8200 offer the data for $3,000. However, the threat actor responsible for the breach denies involvement, claiming to have obtained the data through undisclosed law enforcement channels. The source remains unclear, adding another layer of complexity to this cybercriminal incident.
CYBO CREW is a relatively new threat group that emerged in July last year. However, despite its short tenure, it has already targeted various sectors, including automobile, jewellery, insurance, and apparel.
In response to the breach, researchers have advised users to change passwords, exercise caution against phishing attempts, monitor accounts, and report suspicious activities, particularly those linked to mobile numbers or Aadhaar.
Authorities have also notified impacted parties and relevant authorities about the breach, emphasising the need for a collaborative effort to mitigate the negative effect of this cyber threat.
This incident should be a wake-up call for individuals, businesses, and governments to prioritise improving their cybersecurity measures, collaborate on threat intelligence sharing, and take proactive steps to prevent and respond to large-scale cyberattacks like this in the future.
