BSNL reportedly suffers major data breach affecting millions of users

Bharat Sanchar Nigam Limited (BSNL) has reportedly suffered a data breach and the threat actor involved reportedly claims to have possessed sensitive user and operational data. The government-owned telecom provider’s servers were attacked and the hackers now possess SIM card details, home location registry data and server-related critical security keys, the report said. It said that the stolen data can be misused to carry out criminal activities such as SIM card cloning, identity theft and even extortion.

Threat actor allegedly hacked BSNL servers

Referring to a report on data breaches from digital risk management firm Athenian Tech, News18 reports that the threat actor behind the cyberattack goes by the name “kiberphant0m”. It appears to be the username of the hacker on the dark web forum. It cannot be confirmed whether the data breach was carried out by an individual or a group of hackers.

According to the report, around 278 GB of data has been compromised from BSNL’s telecom operations. The hacked data reportedly goes beyond user data and includes server snapshots that can be used to carry out further attacks and create serious security risks. The threat actor claims to have critical information such as International Mobile Subscriber Identity (IMSI) numbers, SIM card details, PIN codes, authentication keys and more. It also reportedly includes snapshots of BSNL’s SOLARIS servers.

The threat actor is said to have offered to sell the leaked data for $5,000 (approximately Rs. 4.18 lakh). The hacker is said to have discussed about the leaked data on a dark web forum and also discussed the possibility of misusing it for criminal activities such as SIM cloning, identity theft and extortion.

“While the specific vulnerabilities exploited by ‘kiberphant0m’ have not been publicly disclosed, access to critical systems such as the Home Location Register (HLR) and SOLARIS server snapshots indicates deep penetration likely facilitated by exploiting software vulnerabilities or using advanced social engineering techniques. The inclusion of server snapshots suggests possible exploitation of known vulnerabilities within BSNL’s server infrastructure, highlighting the need for rigorous patch management and security updates,” Kanishk Gaur, CEO of Athenian Tech, told the publication.

The alleged data breach poses a serious threat to millions of BSNL users whose sensitive information may have been compromised. Notably, the telecom operator had suffered a similar data breach in December 2023. Gadgets 360 has reached out to BSNL for a response to the story and we will update the article once we receive a response.