The hacker, known by the alias xenZen, also claimed involvement in a previous data breach targeting the Union Ministry of External Affairs.
On Friday, July 5, Airtel India firmly denied reports of a data breach after a hacker claimed to be selling the personal details of over 375 million Indian customers on a popular hacking forum. An Airtel spokesperson told Indianexpress.com, “We have done a thorough investigation and can confirm that there has been no breach whatsoever from Airtel systems.”
The alleged data breach was reported by Dark Web Informer, an X account that monitors dark web activities. According to the post, a hacker known as ‘xenZen’ attempted to sell a database containing details of over 375 million Airtel India customers, including their mobile numbers, dates of birth, father’s names, Aadhaar IDs, email IDs, and more, for $50,000 USD (approximately Rs 41 lakh), payable in cryptocurrency.
The hacker claimed that the breach occurred in June 2024 and reportedly shared a data sample. Additionally, xenZen alleges involvement in a previous breach targeting the diplomatic passport holders database maintained by the Union Ministry of External Affairs.
In 2021, cybersecurity researcher Rajshekhar Rajaharia reported that the details of over 2.5 million Airtel subscribers had been uploaded to the website of a threat actor known as ‘Red Rabbit Team,’ though the data was taken down after three months. Airtel India had denied any breach at that time as well.
Furthermore, subscriber databases of other major Indian telecom companies, such as Jio and Vodafone Idea, have allegedly been breached in the past. The exposure of personal user data can lead to severe consequences, including identity theft, financial fraud, and unwanted marketing calls.