Monday, May 17, 2021

OpIndia Exclusive: Tata Communications suffers data leak, hackers claim to have sold access to company’s servers, over 50GB data still up for sale

In a March 15 post, the hackers claimed that they had gained access to the servers of Tata Communications. They were offering access for $18,000 in the form of Bitcoins.

After Facebook and Mobikwik, hackers have claimed to have gained access to another major tech giant in India. As per two posts by hackers on a hackers’ forum, they have gained access to Tata Communications servers. In the posts, the hackers are offering backdoor entry to the servers to anyone who is willing to pay $9000.

Access to servers sold, claimed hackers

In a March 15 post, the hackers claimed that they had gained access to the servers of Tata Communications. They were offering access for $18,000 in the form of Bitcoins. The buyer would get:

  • Access partners
  • Access to the internal network
  • Access to the webserver
  • Access to DB’s
  • +30 Billion billable transactions
  • Access to all SMS and telecom servers
March 15 post by hacker

The hackers offered a discount if needed. By March 11, the hackers dropped the price substantially and asked for $9,000 in Bitcoins. However, when we tried contacting the hackers, they claimed that the access to Tata servers had been sold. On inquiring further whether the person who got access to the servers can access them remotely, the hacker said the servers are behind firewalls, and the buyer did not buy bypass from them. However, with the information they have, they can use Web Shell access to gain persistent access to the company’s databases.

What exactly is Web Shell access?

A Web Shell is a malicious script used by threat actors to escalate and maintain continuous access to an already compromised web application or server. Note that a Web Shell cannot attack or exploit remote vulnerabilities on its own. It is the second step of an attack.

In this case, the threat actors would use the vulnerabilities existing on the Tata Communications servers, which they learnt about from the data bought from the hacker. Using the vulnerabilities, they can initiate a social engineering attack to attain file upload capabilities and transfer malicious files or Web Shells. Common Web Shell functionalities include, but are not limited to, shell command execution, database enumeration, code execution and file management.
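One way a defender can look for the pattern described above (a script placed through a file upload feature and then requested to run commands) is to search web server access logs for server-side scripts being served out of directories that should only hold uploaded content. This is an added example, not part of the original report; the log lines, paths, directory names and the `max_clients` threshold are constructed assumptions.

```python
import re
from collections import defaultdict

# Constructed sample in Combined Log Format (illustrative, not from the leaked data).
SAMPLE_LOG = """\
198.51.100.7 - - [15/Mar/2021:10:01:02 +0000] "POST /portal/upload.php HTTP/1.1" 200 512 "-" "Mozilla/5.0"
198.51.100.7 - - [15/Mar/2021:10:01:09 +0000] "GET /portal/uploads/report.php HTTP/1.1" 200 48 "-" "Mozilla/5.0"
198.51.100.7 - - [15/Mar/2021:10:01:30 +0000] "POST /portal/uploads/report.php HTTP/1.1" 200 2210 "-" "Mozilla/5.0"
203.0.113.20 - - [15/Mar/2021:10:02:00 +0000] "GET /portal/uploads/logo.png HTTP/1.1" 200 9001 "-" "Mozilla/5.0"
203.0.113.20 - - [15/Mar/2021:10:02:05 +0000] "GET /portal/index.php HTTP/1.1" 200 7340 "-" "Mozilla/5.0"
"""

LINE_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[[^\]]+\] '
    r'"(?P<method>[A-Z]+) (?P<url>\S+) [^"]*" (?P<status>\d{3}) '
)
# Assumed names of directories that should only ever serve static, uploaded content.
UPLOAD_DIR_RE = re.compile(r"/(uploads?|files|images|tmp)/", re.I)
# Server-side script extensions that the web server would execute rather than serve.
SCRIPT_EXT_RE = re.compile(r"\.(php\d?|phtml|jsp|jspx|asp|aspx)$", re.I)


def find_webshell_candidates(log_text, max_clients=2):
    """Return {path: stats} for executed scripts inside upload directories.

    A path is reported when it was served successfully (2xx) and was only
    ever requested by a handful of clients, which is typical of a web shell
    that is known only to whoever placed it.
    """
    hits = defaultdict(lambda: {"clients": set(), "requests": 0, "posts": 0})
    for line in log_text.splitlines():
        m = LINE_RE.match(line)
        if not m or not m["status"].startswith("2"):
            continue  # unparsable line, or the request did not succeed
        path = m["url"].split("?", 1)[0]  # ignore the query string
        if UPLOAD_DIR_RE.search(path) and SCRIPT_EXT_RE.search(path):
            entry = hits[path]
            entry["clients"].add(m["ip"])
            entry["requests"] += 1
            entry["posts"] += m["method"] == "POST"
    return {p: h for p, h in hits.items() if len(h["clients"]) <= max_clients}


if __name__ == "__main__":
    for path, stats in find_webshell_candidates(SAMPLE_LOG).items():
        print(path, stats["requests"], "requests from", sorted(stats["clients"]))
```

A hit is a lead for review, not proof: the file on disk still has to be inspected, and the durable fix is to configure the server so that upload directories never execute scripts.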

Databases worth 50 GB up for sale

According to the second post by the hackers, they are willing to sell the 50GB database of Tata Communications. They might have gained access using the vulnerabilities they talked about in the previous post. The hackers alleged that the database contains:

  1. Customers details: username – password (plaintext) – servers information – servers logs – phone numbers and etc.: If hackers are to be believed, this will provide the buyer access to the server credentials of Tata Communications’ customers.
  2. CRM and Organizational automation DB’s: Customer Relationship Management (CRM) and Organizational automation Database contains information of the sales that the company has made over time and information about its customers. Such a system helps the company to track and manage the engagement between customers and responsible teams at the company. This system is used for both existing and prospective customers. If someone gets access to this information, it can be used to get detailed information of the contracts between the company and the customer. In the wrong hands, it can potentially cause financial losses to the company.
  3. Employees Emails Backup: This is the most dangerous set of information that the hacker has offered in the database. Employees emails backup can provide a lot of information about the company processes, customer details, projects the company is working on, in-house trade secrets and much more. It is still unclear how much information is available to the hackers. Another point that one has to keep in mind here is that the access to the servers has already been sold. If the hackers have provided correct information, someone might have already started accessing the databases using the vulnerabilities exploited by the hackers.
  4. Servers access information (usernames – passwords (plaintext) – IP): The hackers claim that they are providing passwords in plaintext format. That means they have already been dehashed. In this case, if the information is correct, anyone who has access to this database will be able to access different servers and exploit the data available on the said servers.
  5. Admin panels information (usernames – passwords (plaintext) – URLs): Using this information, the buyer of the database can access admin panels at Tata Communications, making the trade information vulnerable to leaks.
  6. Internal networks Maps and diagrams
  7. Employees Maps
March 26 post by hacker

The sample data

OpIndia got access to the sample of the database. There were a total of eight files and one folder in the sample data. In the folder, there were some invoices dating back to 2016-17. These invoices were issued by one of Tata Communications’ business partners, telecom giant Etisalat. Both companies had signed an MoU in 2013 to build multi-service regional network infrastructure in the UAE.

sample invoice (screenshots from sample data)

In a file titled Tel-data-2021, details of Tata Communications clients’ network usage were found. The majority of the clients mentioned in this list were from Saudi Arabia.

Client information from Saudi Arabia (screenshots from sample data)

Another file shared by the hacker had usernames, passwords in text format (possibly dehashed), email addresses and other details of one of Tata Communications’ clients, a Cloud Communication Platform provider. Notably, one of the users had his phone number as the password. When we reverse checked the number, it turned out to be registered to the same name, which supports the authenticity of the data.

Username and password of a client of Tata Communications (screenshots from sample data)

The hacker also shared a sample of SMS servers of Tata Communications. It has to be noted that the services of Tata Communications are used by several companies, including banks, institutes, government organizations and more. In this particular file, we were able to check the numbers of the users and what messages they exchanged. The messages ranged from October 2020 to March 2020. Please note that this was only a sample, and the hackers have claimed to have access to the latest data dump.

SMS server sample (screenshots from sample data)

Another database potentially has information of the internal invoices.

Accounts information sample including invoice details (screenshots from sample data)

There is still a lot of information in the sample data dump that we believe should not be shared anywhere. The screenshots included in this report are not even 0.1% of the data the hackers provided in the data sample.

Tata Communications is yet to comment

We have contacted the Chief Technology Officer at Tata Telecommunications via email and are waiting for their reply. Once they provide us with any information about the alleged leak/breach, we will update the story.

Anurag
Multimedia graduate by education. Writer by profession. Poet by heart.
