NI Bureau
Bharti Airtel has issued a statement refuting claims of a data breach on its servers. The telecom operator stated that after a thorough investigation, no evidence of a breach was found. Airtel described the allegations by the threat actor as a “desperate” attempt to damage the brand’s reputation. Earlier reports had suggested a significant data breach involving the sensitive information of 375 million Airtel customers, which was allegedly being sold on the dark web.
Airtel Denies Data Breach Allegations
In a statement, Airtel stated, “There have been ongoing reports alleging that Airtel customer data has been compromised but these things are nothing short of a desperate attempt to tarnish Airtel’s reputation by vested interests. We have conducted a thorough investigation and can confirm that there has been no breach whatsoever from Airtel systems.”
This statement was issued a day after several unverified reports claimed that a threat actor, identified as ‘xenZen’ on dark web forums, had breached Airtel’s database. Nicolas Krassas, an X (formerly Twitter) user whose LinkedIn profile indicates he works at Henkel AG in Germany as the Head of Threat and Vulnerability Management, posted a screenshot from a dark web forum showing a post by the threat actor.
In the screenshot, xenZen claims to have accessed Airtel’s customer data, including phone numbers, emails, addresses, Aadhaar numbers, and more. The data, allegedly updated until June 2024, was reportedly up for sale for $50,000 (approximately Rs. 4,174,000).
However, no follow-up posts, screenshots, or sample data have emerged to confirm the threat actor’s claims even 24 hours after the alleged attack. Notably, scammers on the dark web often post sensational claims about data breaches to trick others into paying. Once the payment is made, they either provide fraudulent data or disappear from the platform. This could be one of those instances, but there is no way to prove it.
Prateeksha Thakur
