Update: Cybersecurity researcher Troy Hunt has confirmed that the leak includes 4,670,080 Hathway users. The data has been uploaded to the HaveIBeenPwned database.
A threat actor is attempting to sell what they claim to be the personal data of 41.5 million customers of Hathway on a popular hacking forum for the price of $10,000.
Hathway is a major broadband internet service, digital platform, and cable TV service provider in India. It is a public entity based in Mumbai, serving millions of people across the country.
On December 22, 2023, a threat actor going by the nickname ‘dawnofdevil,’ who is a member of the ‘CyberNiggers’ data leak and brokering collective, announced they had hacked Hathway and acquired the data of 41,563,271 customers of the company.
The hacker also shared a sample of the 4 million “know your customer” documents they claimed to hold, which include full names, Aadhaar numbers, PAN card, national ID details, etc. In the following days, dawnofdevil posted a sample of 100,000 lines containing the following data, among other things:
- Full names
- Physical addresses
- Phone numbers
- Email addresses
- User IDs
- Account IDs
- Password hashes
- IP addresses
- Network/user activity
- Postal/ZIP codes
- Network names
Later, the threat actor set up a Tor site where people can search data entries by mobile number and email, locating the data of specific people. Although this portal wouldn’t be suitable for scraping attacks, it potentially makes targeted searches and attacks far more practical and attainable.
On January 2, 2024, the forum thread creator switched the visibility of the leaked data to “public,” opening access to the information to many users and putting the people whose data was stolen at great risk of scams, phishing, and other cyber-attacks.
RestorePrivacy has contacted Hathway at the designated email addresses, but we had not received a response by the time of publication. Hence, we haven’t confirmed the claimed security breach at the firm, nor have we validated the authenticity of the leaked data or whether it belongs to Hathway clients.
Previously, the ‘CyberNiggers’ threat group released data samples from IT service provider and U.S. government contractor CACI, as well as from the multinational technology corporation General Electric. Although neither CACI nor General Electric officially confirmed the incidents, the legitimacy of the leaked data samples has not been disputed. This lack of refutation has allowed ‘CyberNiggers’ to maintain credibility within the cybercrime community.