The current trend in the dark web highlighted data leak of almost 7 million Indian cardholders’ sensitive information that has been discovered for public view. Based on different cybersecurity organizations’ testimony on the leaked database, they confirmed that the data is as large as 2 GB and includes PAN numbers sold off in the dark web and afterwards been viewed for free via public Google Drive URL.
The cardholders’ information includes names, contact numbers, email addresses, a current affiliated company, their income, and if they are on mobile alerts subscription. The researcher was unable to confirm the whole database’s credibility, but he could affirm the accuracy of some entries on it. Fortunately, the information does not include the card number as this will ensure a massive loss to the victim. The data possibly came from a third-party resource company that offers credit/debit card to the Indian populace from 2010 to 2019. The information is also filtered to an applicant with an annual salary between 700,000 to 3,500,000 Rupees. These people usually work in prominent businesses from financial to manufacturing sectors in India.
This data leak is critical as this kind of exposed data is in-demand information on the dark web.
This can be used by adversaries to perform many malicious activities such as phishing and identity theft that will surely mean profit. The Indian Computer Emergency Response Team (CERT-In) has not yet provided insight into this exposure, and the cyber community waits for their official response.
In line with this data leak report, a significant increase in cybercrime has been recorded in India. Above 50 percent of established businesses have reported that they have been victimized by these threat actors. Since India implemented a nationwide lockdown as done by other countries in March, companies such as Dunzo, Bigbasket, Haldirams, and even their prime minister’s website were reportedly attacked by different threat actors. Where the exfiltrated information has been sold off in dark web. These numerous attacks where been accounted to the current situation about the ongoing pandemic and most businesses are moving towards the home-based type of work.
Different Cybersecurity group have been monitoring committed cybercrime in India as the country already began its Digitization in their economy that is projected to profit the country around USD 435 billion by 2025 providing an increase in the labour force and business opportunities to their citizens. Adversaries are already seeding their edge on India’s different sectors due to the projected economic growth that has already commenced in which a clear profit opportunity for them in the upcoming years.
