278 GB of critical BSNL telecom data exposed on dark web

State-owned telecommunication giant Bharat Sanchar Nigam Limited (BSNL) has fallen victim to a major data breach. The breach, orchestrated by the notorious threat actor ‘kiberphant0m,’ has compromised more than 278 GB of sensitive information, raising significant concerns over the security of India’s telecom infrastructure.

The threat actor has listed the stolen data on the dark web for $5,000 as a limited-time offer, underscoring its high value and sensitivity.

The number of affected users is still under assessment, but the breach’s scope likely impacts millions of BSNL subscribers. The compromised data includes critical information such as International Mobile Subscriber Identity (IMSI) numbers, SIM card details, pin codes, authentication keys, DP Cards, DP Security Keys, and snapshots of BSNL’s SOLARIS servers, noted News18.

The compromised data is distinct from the data exposed in a previous BSNL breach in December 2023. While the earlier breach focused on user information, the current dataset involves more complex and critical information directly related to telecom operations.

Conversations on dark web platforms reveal that the data could be used for malicious activities such as SIM cloning and extortion. SIM cloning, in particular, poses significant risks by allowing attackers to intercept messages and calls, bypass two-factor authentication, and access bank accounts, leading to severe financial and personal security consequences for the victims.

While the previous data breach focused more on customers, this one is targeting the firm’s operations. | Photo: Westock Productions / Shutterstock.com

The compromised IMSI numbers and SIM card details provide the tools for creating duplicate SIM cards, enabling fraudsters to impersonate users and gain unauthorised access to sensitive information.

Phishing schemes and other social engineering attacks are likely to increase. These attacks leverage stolen data to craft convincing scams that exploit user trust in BSNL.

Access to Home Location Register (HLR) details and server snapshots further exacerbates the risks. Malicious actors could manipulate network settings, intercept data, and cause disruptions or unauthorised surveillance.

Similarly, the exposure of SOLARIS server snapshots allows attackers to study BSNL’s infrastructure, potentially leading to the injection of malicious code and significant operational failures.

The breach also has broader implications for national security. BSNL’s role in India’s telecom infrastructure means that the compromised data could be exploited in cyber-attacks targeting communication networks, potentially destabilising critical infrastructure and undermining national security.

Cybersecurity experts have asked users to strengthen security measures like two-factor authentication and encryption. They have also advised BSNL to conduct a comprehensive forensic investigation and transparently communicate with affected subscribers. The company should also publish the steps it has taken to identify and mitigate the threat.

Kumar Hemant

Deputy Editor at Candid.Technology. Hemant writes at the intersection of tech and culture and has a keen interest in science, social issues and international relations. You can contact him here: kumarhemant@pm.me
