The credit and debit card details of over 70 lakh Indians have been leaked on the dark web. As per a cyber security researcher, the sensitive data of Indian users that have been leaked which includes cardholders’ names, phone numbers, income details, account details, and more. The data that has been exposed, carries users’ information from 2010 to 2019.
As per cyber security researcher Rajshekhar Rajahria, the 2GB database on a Google Drive link consists of the names of credit, debit cardholders, phone numbers of the users, email addresses, the name of the employers of the users, annual income. It also consists of information about users’ mobile alerts and their PAN Card details.
“Data pertains to the period between 2010 and 2019, which could be very valuable to scammers and hackers. Since this is financial data, it is very valuable for hackers and scammers as they can use the personal contact details for phishing or other attacks,” Rajshekhar told IANS in a statement.
Another report by Inc 42 revealed that the data that has been exposed on Dark Web belongs to some of the employees of Axis Bank, Bharat Heavy Electricals Limited, Kellogg India Private Limited, and Mckinsey and Company among others. The report said that the annual incomes of these employees range from Rs 7 Lakhs to 75 Lakhs.
As per Rajaharia, this could be the third-party service providers who are contracted by banks to sell credit/debit cards. According to him they could have leaked the details of the users on the dark web.
While it cannot be concluded whether the data of 70 Lakh Indian users is genuine or not, Rajaharia has claimed that he has verified most users and tallied the data provided on the dark web and found them to be absolutely accurate.
“I think someone sold this data/link on the dark web and later it became public. Financial data is the most expensive data on the Internet,” he said.
The Indian Computer Emergency Response Team (CERT-In) is yet to confirm or deny Rajshekhar’s claims.
This is not the first time the cases of data leaks have surfaced on the internet. Earlier in November, the online grocery store became the target of hackers. According to cyber intelligence firm Cyble, sensitive data of BigBasket users such as full names, email IDs, password hashes, contact numbers, addresses have been accessed by hackers and exposed on the dark web. Adding to the woes of BigBasket, a hacker has put the data on sale for around Rs 30 lakh.
Big names like Amazon, BigBasket, Paytm etc. have always been in news for such cyber financial frauds.