Hathway, formerly known as BITV Cable Networks, is one of the largest and most reputed Internet Service Providers in India, with more than 40 million users. The company is owned by Reliance Industries and is based in Mumbai. The company was founded in 1959 and has been operating since then.

However, Hathway suffered a data breach in late December 2023 that leaked the data of millions of users and employees, including sensitive information such as residential addresses, mobile numbers, email addresses, city locations and other information. The thread was made public by the threat actor who goes by the name “dawnofdevil”.

To add legitimacy to the leak, the threat actor also posted a sample of 100k files on Proton Drive containing several users’ data. As per our investigation, the leak proves to be legitimate after verifying the data that the threat actor posted. The entire database of 41 million users is now on sale for $10,000.

Leak sold at $10k

Leak Analysis

According to the thread posted by the threat actor, the breach was possible due to a vulnerability in the Laravel framework application used by Hathway. The first post about this leak dates back to 22nd December 2023. However, the threat actor started to leak the data after stating, “As hathway is not ready for the cooperation, The data is now available for sale”.

This indicates that Hathway has been unconcerned about this leak and did not even negotiate with the threat actors. However, millions of customers could be affected, as the leak contains additional sensitive information such as KYC documents, Aadhaar card details and PAN card details.

Leaked Data from the Underground Forum

These kinds of private details can be used for several purposes such as impersonation, fake bank accounts, spamming, extortion, threats, cyberbullying and other cybercriminal activities. It was also noted that the total size of the leaked information is around 400 GB, including MySQL and Oracle databases.

Furthermore, the threat actor also proceeded to provide a .onion URL under the context “Now you can search your accounts in here”. The threat actor belongs to the “Cyber Niggers” group who posts several leaks on the same forum. 

Previously, a massive leak of Aadhaar card information also appeared on the same forum.

Hathway users are advised to be vigilant for malicious activity and cautious of fraudulent calls and SMS messages. Additionally, it is advised not to respond to spam or to unknown messages on social media. Stay secure and do not open malicious links or download malicious files from websites.
