The recent data leak of more than 26 lakh Airtel users belonging to the Jammu and Kashmir region was orchestrated by state-sponsored hackers from Pakistan, an independent cybersecurity researcher has revealed. These hackers kept creating new accounts to put the leaked data on the web and tried to sell it for $3,500 in Bitcoin (Rs 2.5 lakh approx).
It was back in 2018 when the Delhi Police cyber cell had identified a Pakistan-based hacker group that hacked into the Indian government website and defaced it. The hacker group was later identified as ‘TeamLeets’, a group that is touted to be working at the behest of Pakistan’s ISI (Inter-Services Intelligence), the country’s premier spy agency.
“TeamLeets, which is a Pakistan-based hacking group, is behind the Airtel data leak,” independent cyber security researcher Rajshekhar Rajaharia told IANS when contacted.
The hackers behind the data leak
It has now been revealed that the same hacking group was behind the Airtel data leak. The hackers initially dumped the data via a domain on the internet and threatened to leak more data via a new Twitter handle that goes by the pseudonym ‘Red Rabbit Teams’.
Twitter has, however, restricted the account, citing “unusual activity”.
After the ban, the hackers (TeamLeets) created another Twitter handle by the name ‘PANAMA-iii’, which tweeted out a fresh set of links that led to a subset of data from the original data of 26 lakh users. There is a possibility that some of that data might belong to users from the Indian Army, the report suggests. The ‘PANAMA-iii’ account was also deleted later.
“No data leak/breach has occurred”
Airtel is still maintaining its stance that there has been no data leak. An Airtel spokesperson said that “there is no hack or breach of any Airtel system as claimed by this group”.
“This group has been in touch with our security team for over 15 months now and has made varying claims in addition to posting inaccurate data from one specific region,” the spokesperson told IANS.
“Multiple stakeholders outside of Airtel have access to some data as per regulatory requirements. We have apprised all the relevant authorities of the matter to, therefore, investigate this and take appropriate action,” the company spokesperson added.
The first set of data was dumped by the hackers on a domain in December last year. The same was removed later.
“TeamLeets then created a couple of Twitter accounts to further push its agenda. It is possible that Red Rabbit Teams and ‘TeamLeets’ are two sides of the same coin or are working together,” Rajaharia informed.
The report also goes on to add that the hackers wanted to sell the data but could not succeed. Hence, they dumped the data on the internet. What’s befuddling is that the data was dumped on public portals and not on the Dark Web.
–with inputs from IANS.