A recent dark web investigation of iZOOlogic researchers revealed that several Indian gambling firms’ databases had been found for sale on cybercrime forums. Based on the information gathered by our researchers, a threat actor under the username “stash09” had posted the database leaks on underground marketplaces for interested clients to purchase.
Cyberattacks in India have reportedly surged since lockdowns were implemented last 2020 upon the spread of COVID-19. In a report, experts explained that about a 500% uptick in attacks had been detected in India since March 2020, including data breaches, phishing, hacking, and fraud.
Among the many sectors affected by cyberattacks worldwide, online gambling sites are one of the most targeted by attackers.
An analysis of online gambling sites targeted by cybercriminals explained that most of these sites were made live without proper defence measures and threat security. Thus, many attackers leverage these vulnerabilities along with the opportunity to heist massive sensitive databases or monetary profit against betting firms actively operating online.
These widespread attacks against online betting firms included those from India – after our research team in iZOOlogic discovered loads of gambling databases from the country posted for sale on underground marketplaces.
Based on our research, the affected Indian gambling databases and their respective users include those from Casino with 38,000 users, Dream11 with 400,000 users, MPL with 400,000 users, 3Patti with 400,000 users, Tambolabingo with 286,000 users, and Fun88 with 400,000 users. The data leak is believed to have affected the patrons per gambling platform mentioned, which compromised their personal and contact details.
The data legitimacy in the research is yet to be confirmed and is still under in-depth investigation. However, the perpetrator of the data leak has released some samples as proof that they indeed hold a massive amount of data from these affected betting firms.
Additionally, our team has yet to discover how the threat actor obtained the leaked data. Yet, based on some intelligence, a connection between “stash09” and a data leaker “@M2 Soft” could be attributed to the case. Further updates about the incident will be supplied once all details and information are verified.
