Kingfisher

The organisation known by the alias Kingfisher is headquartered in India. Publicly available information specifically ties this alias to a significant cybersecurity incident from December 2016. On that date, the Twitter account of a prominent Indian businessman, Vijay Mallya, who is associated with the Kingfisher brand, was compromised by a hacker collective identifying itself as Legion. This breach resulted in the extensive leak of personal and sensitive information belonging to the individual, including private addresses, phone numbers, details of financial assets, and information on business holdings. The attackers publicly claimed their actions were motivated by a desire to expose corruption within the system and suggested they had utilized an undisclosed zero-day vulnerability to facilitate the compromise, though they did not provide technical specifics for this claim.

Legion additionally indicated they had compromised another political figure's social media account at the time and threatened further disclosures involving political entities. Following the breach, the victim acknowledged the security failure and alleged that there had been prior blackmail attempts by the hackers, a claim the Legion group denied. At the time of reporting, the authenticity of the full dataset that was leaked could not be independently verified by journalists. This incident represents the primary documented event directly linking the Kingfisher alias to a major information security compromise, highlighting a targeted attack on a high-profile Indian business figure with alleged political connections, conducted by a group with stated hacktivist motivations. The event underscored vulnerabilities in social media account security for prominent individuals and the potential for data leaks to have wide-ranging personal and professional repercussions. The hacker group's methodology and stated rationale were part of the public narrative surrounding the breach, though the full technical details and the complete scope of data exfiltration remained unclear based on the available reporting. The aftermath involved public statements from the victim and continued threats from the attackers, contributing to a narrative of digital extortion and information warfare. No further verified incidents or detailed operational information about the organisation itself, beyond its association with this event and its Indian headquarters, is provided in the source material.