A hacker has allegedly gained access to the Know Your Customer (KYC) data of 4 million users from Hathway, an Indian Internet Service provider. The breach, which occurred in December 2023, exploited a security flaw in Hathway’s Laravel framework application, its content management system. The hacker claims to have a 12GB file containing the personal details of over 41 million Hathway customers, encompassing names, email addresses, phone numbers, residential addresses, Aadhaar card copies, and other KYC data. Following an unsuccessful attempt to sell the data for $10,000, the hacker made it public, sharing two links with a total of 226GB of information.
The breach was disclosed through a post on Breach Forums, where the hacker asserted successful infiltration past Hathway’s security measures. The extensive dataset reportedly includes user data such as customer registration forms and diverse personal information. Notably, the hacker initially sought to sell the compromised data but opted for a public leak when no buyer was found. The leaked data, spread across more than 800 CSV files in two links, poses significant privacy concerns for Hathway customers.
This incident underscores the increasing threats to sensitive personal information, highlighting the potential risks associated with security vulnerabilities in content management systems and other frameworks. The exposure of KYC data raises concerns about identity theft, fraud, and the need for robust cybersecurity measures to protect user information. The aftermath of this breach may prompt heightened security measures and increased scrutiny of data protection practices within the affected internet service provider and the broader industry.