The state-owned telecom provider Bharat Sanchar Nigam Limited (BSNL) experienced a data breach attributed to a threat actor claiming to possess “critical information” about its consumers. The threat actor posted a sample dataset with 32,000 lines of data on a dark web forum, which included sensitive information on BSNL landline and fibre subscribers. The threat actor, using the alias “Perell,” asserted that a total of 2.9 million lines were present in all databases combined. Alongside details such as mobile outage records, network characteristics, completed orders, and customer information, the dataset contained email addresses, billing information, contact numbers, and other sensitive data.
An official reportedly expressed concern, stating, “This poses an imminent threat to the privacy and security of BSNL customers, which is considered critical infrastructure,” in an article published in The Economic Times (ET). Cert-In, a cybersecurity monitoring agency, is aware of the hack.
“The current BSNL data leak is quite concerning. There are significant implications for BSNL and its customers from this episode. In addition to risking users’ privacy, the breach exposing sensitive information puts them at risk of identity theft, financial fraud, and targeted phishing attempts.”
The CEO and co-founder of Safe Security, Saket Modi, commented, “There is a high likelihood that the hacker targeted a single website, as the hacker claims that there are approximately 2.9 million rows of data.” Notably, PredictaLabOff CEO Baptiste Robert mentioned a 2018 data breach and identified a SQL injection on the intranet website of BSNL. Due to this vulnerability, information on over 47,000 BSNL workers, senior officers, administrators, and retired staff members was compromised, allowing attackers to access the full database. The Cyber Express has not yet confirmed the veracity of the most recent BSNL data breach or its possible link to the 2018 hack, though.
The data structure accessible on the dark web, he continued, may be the result of an attack vector known as “malicious SQL code for backend database manipulation to access information that was not intended to be displayed,” or a SQL (structured query language) injection vulnerability. He added that the hacker claimed to have information from playthe.net, lanichost.la, the Khmer citizen database in Cambodia, and the Russian social networking platform noomera.ru.
What Happens Next in the Cyberattack on BSNL?
The CEO and co-founder of Safe Security, a firm that manages cyber risk, Saket Modi, provided insight into the possible nature of the attack. “The hacker claims that the number of rows of data is around 2.9 million, which indicates a high probability that it is a single website that may have been compromised,” the hacker said in an ET interview.
Regarding the BSNL data leak, The Cyber Express has contacted BSNL in hopes of receiving official comments or answers. But as of this writing, no formal denial or confirmation has been received, hence the allegations regarding the BSNL data leak remain unsubstantiated.
