IANS reports:
After a cyber-security research firm claimed that call data records of around 20 million customers of Vodafone Idea (Vi) were leaked and accessed by cyber-criminals, the telecom operator has denied the breach.
Cyber-security research firm CyberX9 claimed in its report that the call data records of 20.6 million postpaid Vi customers were leaked due to vulnerabilities in the company’s systems.
Read more at Ahmedabad Mirror.
Although the IANS report ends with Vi’s denial, other coverage notes that CyberX9 did not back off and responded to Vi’s statement. The Business Standard reports:
CyberX9 said that the company’s claim that they have conducted a forensic audit is absurd.
According to CyberX9, call logs and other data of millions of Vi customers have been leaked for the past two years, which was accessed by hackers.
It is not accurate to report that hackers accessed the data. That is just CyberX9’s suspicion or fear, but they do not seem to have any proof that it happened at all. Looking at CyberX9’s report, DataBreaches notes that there is a big difference between claiming a vulnerability could have or might have “been easily used by malicious attackers to steal millions of customers sensitive data and maliciously use it” and reporting that the firm found evidence that vulnerable data had been downloaded and either leaked, sold, or misused by bad actors. “There is high possibility that malicious attackers might’ve already exploited these vulnerabilities in Vi” is not the same as a finding that the researchers found proof of access or download of the data or that vulnerabilities had been exploited.