Search This Blog

Powered by Blogger.

Blog Archive

Labels

Sensitive Data of 7 Million Indian Cardholders Circulating On Dark Web

A 2GB database containing private data of 7 million Indian cardholders found on Dark Web, a security researcher alerted.


There is a rapid increase in the number of data breaches last year, jumping by 17%, which has become an increasingly serious issue. Recently, sensitive data of 7 million debit and credit cardholders has been circulating on the dark web.

The 2GB database included names, contact numbers, email addresses, Permanent Account Number, income details, and employers' firm.

As per the screenshots of the leaked data, the details were found on a public Google Drive document discovered by Rajshekhar Rajaharia, an Internet cybersecurity researcher who informed Inc42, warning that as the private data pertains to the finances, it is highly valuable and can potentially be used by malicious actors to develop phishing attacks.

The database that also included the PAN numbers of around 5 lakh users, relates to the time period between 2010 and 2019 which could be of extreme significance to cybercriminals and scammers, per se. Although the card numbers were not available in the database, Rajaharia managed to verify the details for certain users including himself. He matched the LinkedIn profiles of the names mentioned in the list, and it proved to be accurate.

In a conversation with Suriya Prakash, Sr Security Researcher Cyber Security and Privacy Foundation Pte Ltd, Ehacking News attempted to understand the source of the breach: He said, "These usually don't originate at the bank level as they have secure environments. Regulators and banks often misunderstand this and spend crores securing infrastructure."

"The main source of data breaches are usually due to bank employees using their official emails to create accounts in third-party sites (social media etc). When these third parties get breached its causes issues for the bank. This can be simply avoided by putting in the SOP that employees should not use their official emails for other services, any usage should get written permission from the admin team. If this is strictly enforced majority of data breaches can be avoided."

"Also websites that collect payments like e-commerce sites should be brought user RBI regulations as they too might be causes of the breach," he concluded.
Share it:

Bank Cyber Security

Data Breach

Data Leak

Financial Data Breach

User Data