We reported on Monday that Tata Communications had suffered a data breach and that the hacker claimed to have sold access to Tata's servers to a third party. A Tata Communications representative approached OpIndia over the report and denied any data leak. Since that report was published, we have investigated the alleged breach further and found more information.
Hacker claimed it was not direct access to Tata Communications servers
We contacted the hacker on Telegram at the handle he had posted in the forum thread to get more information about the data he was selling. When we questioned the authenticity of the data and whether he actually had access to the Tata Communications servers, he sent a few server log excerpts, the kind of files that can normally be read only by someone with partial or full administrative access to the server. The IP address in the logs was indeed one belonging to Tata Communications. A log excerpt, however, only shows that whoever produced it could read the logs; it does not show how that access was obtained. There is more to the story.
Server logs can be read by anyone with root access to the server, which includes whoever administers it on the company's behalf. So the logs do not establish that Tata Communications itself was breached; the access could equally have come through a contractor that manages the servers. In this case, according to the hacker's own account during the conversation, that contractor was Route Mobile.
He said that he first got into the Route Mobile servers by compromising some of Route Mobile's subdomains. He then allegedly installed a web shell (a script left on the web server that lets an attacker run commands through ordinary HTTP requests) to keep his access. He took a data dump from those servers and got into employees' emails. From those emails, he allegedly retrieved login details for the Tata Communications servers and took a data dump from there as well. If this account is accurate, Tata's own perimeter was never broken: a vendor with legitimate credentials was compromised and those credentials were reused.
It should be noted that Route Mobile has also denied the data breach, according to news agency IANS.
“For selling the data, the #hacker has created a #Telegram group. On the Dark Web forum, he claims to have #TataCommunications' data. But on Telegram, he claimed that the source was #RouteMobile,” said the cyber security researcher, Rajshekhar Rajaharia. https://t.co/F6nmkXCDYv — IANS Tweets (@ians_india) April 13, 2021
While the hacker still claims that the data dump belongs to Tata Communications and Route Mobile, both companies maintain that there was no breach at their end. Further investigation is needed to establish which of the hacker's and the companies' claims hold up. OpIndia is keeping track of the story and will update it accordingly.