Indian tycoon Vijay Mallya’s Twitter account appears to have been hacked. The alleged hackers have hijacked Mallya’s account and are currently leaking the industrialist’s personal and sensitive information.
A pseudonymous hacker group called Legion has claimed responsibility for the attack and has dumped what appears to be a hoard of Mallya’s personal and sensitive information, including his address, phone number, various assets at several international banks, details of his business holdings and more.
Legion told IBTimes UK in an email, “We are a new group of international Blackhats looking to own and expose the corrupt system.” The hacker group, however, refrained from divulging further information about how they gained access to Mallya’s accounts.
Zero-day attacks launched?
The hacker group wrote, “The details of the hack cannot be shared, we are sorry (as there are still untouched spools using the unpatched 0day vulnerability) ;)”
Legion’s claims suggest that the hackers may have leveraged an undisclosed zero-day vulnerability as part of their attacks. According to FireEye researchers, zero-day attacks involve attackers creating customised malware to exploit unknown software vulnerabilities, which gives them access to vulnerable networks.
The Legion’s comments indicate that there may be an unknown zero-day vulnerability out in the wild. Zero-day attacks are generally extremely difficult to detect and mitigate, suggesting that the hacker group’s level of sophistication may be higher than that of run-of-the-mill script kiddies.
The hacker group is also believed to be responsible for recently compromising Indian politician Rahul Gandhi’s Twitter account, according to reports. Legion hackers have threatened to continue divulging more information on both Mallya as well as one of India’s major political parties — the Congress.
It appears that Mallya became aware of the attack early Friday (9 November) morning. He tweeted that his email and Twitter account had been hacked, adding that he was being “blackmailed”.
The hackers later responded by tweeting: “We did not blackmail Mallya, any and all rumours are assumptions and fake! He is creating propaganda.”
Mallya departed India earlier in the year, following a major backlash from several banks to which he currently owes over Rs 9,000 crore ($1.3bn, £1bn) in loans, according to local reports. The tycoon reportedly resides in the UK; however, his passport has been revoked by the Indian government.
“We intend to share a few more by the new year,” Legion added, indicating that further leaks may be on the way.
The leaked data has not been independently verified by IBTimes UK.