Massive data breach in India affects 1.2 crore WhatsApp users, 17 lakh Facebook users: report

The Cyberabad Police reported yesterday that seven perpetrators behind the massive data breach have been held.

  • A massive data breach from various sources saw the private data of 16.8 crore citizens leaked
  • Details of national defence personnel and PIIs of civilians were included in the breach
  • The database included information on over 1.2 crore WhatsApp users.

A massive data breach that could have serious national security implications has been reported by Cyberabad Police in Hyderabad, Telangana on Thursday, March 23rd. According to a report on the matter by The Press Trust of India, the massive data breach likely entails several smaller breaches, leading to the accumulation and selling of Personal Identifiable Information (PII) of 16.8 crore Indian citizens — of which there is a vast trove of individuals linked to India’s national defence forces.

Show Full Article

What does the massive data breach include?

According to the PTI (via), the sheer volume of the massive data breach includes significantly critical PIIs of nearly 17 crore individuals. The range of information sold by the cyber criminals allegedly behind the crime includes phone numbers, PAN card numbers, registration details of services such as gas and petroleum lines, details of demat accounts, bank details of high net-worth individuals, databases of applications made by citizens for loans and credit cards, details of debit card holders of private banks, and other critical information such as PIIs of employees of information technology (IT) services firms and frequent flyer services.

Furthermore, identification details of up to 1.2 crore WhatsApp users, and over 17 lakh Facebook users, have been leaked online. These details include login IDs, internet protocol (IP) addresses, city of residence, age, email addresses and phone numbers, among other information.

For defence personnel, the leaked information that is part of this massive data breach includes the ranks and designations of over 2.5 lakh individuals, email addresses and the latest places of posting, among others. Finally, student biographies and information of those applying for the National Eligibility and Entrance Test (NEET) were also part of this breach.

What the law enforcement said

According to a statement offered by Cyberabad Police Commissioner, M Stephen Raveendra to PTI, the investigation is still ongoing. However, the police forces in the state have already arrested seven members of an alleged gang, which operated out of three call centres located in Noida, Uttar Pradesh. The criminals reported selling over 140 categories of data and had over 100 buyers for their data.

According to the police, the criminals sold databases of up to 50,000 users for Rs 2,000. Raveendra further confirmed to PTI that the police are in process of sending notices to telecom service providers, and notices are being sent to them for further examination. The massive data breach is an amalgamation of multiple leaked databases, the police confirmed.

The implication of the data leak

The massive data breach includes a vast trove of PIIs, which can be matched further with breached password databases across other hacks and leaks — using which cyber criminals can breach email addresses and social media accounts. This information can be further put together for spear phishing attacks, impersonation, blackmail and other malicious activities. Such implications can get worse since with the involvement of defence personnel, such hacks can further lead to the breaching of sensitive data of national importance — a factor that the Cyberabad Police highlighted as well.