BSNL hacker claims multiple Asian telco victims

  • A hacker is offering data from Indian operator BSNL and 15 other undisclosed Asian telcos
  • Compromised data includes IMSI records, SIM details, HLR data and login credentials
  • BSNL has yet to issue an official statement or response regarding the breach, leaving the claims unverified

The safety and security of customer data in the telecom sector has once again come under scrutiny with Indian state-owned communications service provider BSNL (Bharat Sanchar Nigam Limited) reportedly suffering a massive data breach. 

The incident, orchestrated by a dark web hacker known as kiberphant0m and unveiled during the past week, has raised concerns about the vulnerability of sensitive information and the potential risks associated with cyberattacks on telecom infrastructure.

According to a claim that emerged on 27 May, kiberphant0m is offering unauthorised access to databases stolen from BSNL, along with data from 15 undisclosed Asian telcos. The Cyber Express has reported that the compromised data includes IMSI records, SIM details, home location register (HLR) data, and security key data. Additionally, the hacker claims to possess login credentials for various digital infrastructures and applications of BSNL.

The hacker, in a warning to potential buyers and Indian authorities, stated, “India if you want to secure your data and do not want it to be sold you must buy it first, contact me BEFORE someone purchases this data. It could be 3 hours to 24 hours, who knows.”

Despite the gravity of the situation, BSNL has yet to issue an official statement or response regarding the breach, leaving the claims unverified. This lack of transparency has compounded the uncertainty surrounding the extent of the breach and the measures being taken to mitigate its impact.

This incident is not the first time BSNL has faced cybersecurity challenges. In late 2023, the company experienced a significant data breach that resulted in the theft of sensitive customer information, including names, email addresses, billing details, contact numbers, and outgoing call records of both BSNL fibre and landline users. The hacker, ‘Perell’, then made a sample of the stolen data, consisting of 32,000 lines, available on a dark web forum.

- Joana Bagano, Contributing Editor, TelecomTV

Email Newsletters

Sign up to receive TelecomTV's top news and videos, plus exclusive subscriber-only content direct to your inbox.