In a cyber incident, it is alleged that a vast dataset belonging to BSNL, a state-owned Indian telecommunications company, has been put up for sale by cybercriminals. The leaked data reportedly includes sensitive information such as IMSI, SIM details, HLR (Home Location Register), DP Card Data, Masterkeys, and more. If true, this breach underscores significant vulnerabilities within the telecom sector, potentially impacting millions of Indian users.
Details of the Allegedly Compromised Data
The attacker claims to possess a comprehensive collection of BSNL data, including:
- IMSI (International Mobile Subscriber Identity)
- SIM details
- HLR (Home Location Register) information
- Machine Copy Data
- DP Card Data (8GB)
- DP Security Key Data (130GB)
- Masterkeys
- SOLARIS server snapshot (140GB)
- Main database (3.5GB)
The leaked dataset purportedly contains detailed records and configurations critical to BSNL’s operations and customer information. A sample of the main database structure includes fields such as SIM, IMSI, PIN1, PUK1, PIN2, PUK2, ADM, AUTH, KDBID, ALGOID, ACSUB, AMF, and MAKE.
The individual behind this alleged breach is offering the data for sale at a negotiable price via Telegram for $80000 – 150000. Alarmingly, they have stated that they are open to selling this data to anyone, including state actors, if the Indian government does not act swiftly to purchase and secure the compromised information.