In a strange turn of events, reports reveal that the KYC data of 4 million users has been accessed by a hacker from the Indian Internet Service provider Hathway.
At the same time, the individual responsible for the data breach has created a dark web search engine tailored for potential victims, as reported by hackread.com.
This tool enables users to check if their data, including email addresses and phone numbers, has been exposed.
According to the hacker’s post on the infamous Breach Forums, where the database was exposed, the data breach occurred in December 2023. They were able to get past Hathway’s security measures by taking advantage of a security flaw in the Laravel framework application, which is the company’s content management system (CMS).
It’s crucial to emphasize that, as per the hacker’s claims, the 12GB file includes the personal details of over 41 million Hathway customers.
This extensive dataset encompasses their full names, email addresses, phone numbers, residential addresses, customer registration forms, copies of Aadhaar cards submitted with the forms, and various other personal information, including KYC data.
Initially, the hacker attempted to sell the Hathway data for a price of $10,000. Soon after they failed to find a buyer, they made the data public by leaking it.
The hacker has shared two links; the first link comprises 12GB of user data, while the second link contains an astonishing 214GB of information spread across more than 800 CSV files and production data.
Though Analysts at hackread.com could not go through the second file since it was deleted, they confirmed that this file also includes personal and financial details.
The breach could have serious consequences for affected individuals, they added.