A major data breach has rocked Hathway, the prominent Indian Internet Service Provider, as hacker ‘dawnofdevil’ leaked a database containing personal details of over 4 million users. The breach, which occurred in December 2023, exploited a security vulnerability in the Laravel framework application used by Hathway. The leaked data, initially claimed to affect 41 million accounts, was later analyzed by Hackread.com, revealing approximately 4 million impacted accounts after eliminating duplicates.
The exposed data includes extensive personal information such as full names, email addresses, phone numbers, home addresses, and even copies of Adhaar cards with customer registration forms. Furthermore, financial details of both Hathway’s employees and customers were found in a second file, totaling a staggering 214GB of information. The hacker’s initial attempt to sell the data for $10,000 failed, leading to the public leak of the information.
In an unusual move, ‘dawnofdevil’ created a dark web search engine for potential victims to check if their email addresses and phone numbers were compromised. The tool provides a means for individuals to assess their involvement in the breach without sharing the link publicly due to privacy considerations. Hathway is yet to comment on the incident, and users are cautioned against phishing attempts related to the breach.
