What Happened
In December 2023, a hacker operating under the alias ‘dawnofdevil’ exploited a vulnerability in Hathway’s Laravel framework application to breach the Indian Internet Service Provider, exposing personal data of millions of customers. The hacker initially claimed 41.5 million affected records but analysis revealed approximately 4.7 million unique accounts after removing duplicates. The leaked data—distributed across over 800 CSV files totaling 200+ gigabytes—included full names, email addresses, phone numbers, physical addresses, Aadhaar card copies, passport information, and Know Your Customer (KYC) documents. After failing to sell the data for $10,000 on December 22, 2023, the hacker made the information publicly available on the dark web and created a Tor-based search engine allowing victims to check if their data was compromised. Hathway has neither officially confirmed nor denied the breach.
