A hacker group has allegedly leaked Army personnel data using the Bharti Airtel network in Jammu and Kashmir. However, the company has denied any breach in its system. With the name of the Red Rabbit Team, the group hacked some Indian websites and posted the data on the web pages of those portals. The hackers shared some links to those web pages on Twitter in a comment over a cybersecurity researcher Rajshekhar Rajaharia and tagged several media organizations.
The query sent to the Indian Army did not elicit any reply. Still, an Army official said, “We are not aware of any such information, but it appears to be malicious intent of some inimical elements.”
When contacted, Bharti Airtel’s spokesperson denied any breach of its server.
“We can confirm there is no hack or breach of any Airtel system as claimed by this group. Multiple stakeholders outside of Airtel have access to some data as per regulatory requirements. We have apprised all the relevant authorities of the matter to, therefore, investigate this and take appropriate action.”
“This group has been in touch with our security team for over 15 months now and has made varying claims in addition to posting inaccurate data from one specific region,” the spokesperson said.
In a message to PTI, the Red Rabbit Team claimed that it has access to pan-India data of Bharti Airtel through a shell uploaded on the company’s server and will leak more data soon. The links shared by the hacker were initially accessible with the mobile number, name, and address of subscribers but stopped working after some time.
Rajaharia said that hackers have failed to show any credible evidence of possessing pan-India data of Bharti Airtel. It is also unclear how they got the subscriber’s data.
“The hacker group failed to show evidence that they have a whole India database. Their claim of shell upload may also be fake. The SDR portal video seems real, but only a short portion of data may leak via this. It is still unclear how they got access to whole Jammu and Kashmir subscriber data,” he said.
Telecom operators are required to give access to government and law enforcement agencies of subscriber data registration (SDR) portal through which phone numbers and subscribers’ details can be verified.
Rajaharia said that hackers might be from Pakistan.
“The website used to upload alleged Airtel data was hacked on 4 December 2020 by Mr. Clay (TeamLeets – a Pakistani Hacker Group). This indicates that a Pakistani hacker group TeamLeets may be behind this data leak,” Rajaharia said.