A California-based cybersecurity research firm spotted a hacktivist group leaking data from different companies, becoming famous as the Egypt Leaks. Based on reports, the hackers leaked numerous compromised payment details owned by the customers of big-time Egyptian banks.
Today, the stolen payment data are available on the dark web, but researchers on the Telegram platform detected the first-mentioned activities of this group.
The Egypt Leaks contained troves of data from different Egyptian banks.
The exposed data included in the infamous “Egypt Leaks” are references to PII owned by potential customers of central banks in Egypt. The most notable financial institutions are the National Bank of Egypt, Bank of Alexandria, Banque Misr, HSBC Bank Egypt, Credit Agricole Egypt, and Alexbank.
Other experts claimed that the source of the data might relate to one of the affected underground marketplaces and the adversary was able to harvest data from there. Moreover, the observed leaked data were examined by analysts individually, and researchers could identify the signatures of possible script or parser scrapping entries.
Hence, the dark web marketplace may not be well-protected, which allowed the actors to acquire the data from the impacted banking institutions.
The confirmed data in the leaked files are emails, billing addresses, full names, bank names, and card types owned by customers. The threat actors have not yet spilled any Track 2 or CVV data. However, the threat actors have executed other fields that confirm the legitimacy of the data.
The threat actors may have financially driven motivation, so they are leaking this data to try and extort the affected consumers of the financial institutions. Additionally, they are waiting for the companies to execute a buyout for the stolen data, like how ransomware actors negotiate with their targets.
Cybersecurity experts advised everyone that other groups may exploit the leaked data from the threat actors for financial fraud or identity theft attacks. It is essential to make an immediate and proper move to mitigate the potential threat caused by these leaks.
As of now, reports are saying that law enforcement agencies are investigating the issue.
