A notorious Dark Web Forum has had its eyes on the Financial Industry in India for the past quarter

March 11, 2021

This Dark Web forum is rampant on the surface web. Yet access to this notorious forum is as deep as the dark web, not because you need the TOR network, but because you must become a paying member to get hold of the numerous leaked data sets, for whatever reason you want to acquire them. The forum is popular with a diverse set of people who lurk there, from expert researchers down to amateurs in the industry.


Some establish their presence on the dark web forum to make money from their successful heists by selling the spoils, and some, like ShinyHunters, give them away for free.


Region-based attacks: India

It is common for threat actors to target businesses and share the results with the hacking community in a region-based manner, driven by collective interest, the origin of the attackers, and the attack’s intent. From December 2020 to March 2021, we have noticed a spike of mentions and leaks concerning the financial industry in the Indian region. We are going to enumerate our findings one by one:

  • December 2020 – Access to an Indian online payment merchant is for sale. Up until now, it is believed that the data is for sale. We believe that the said platform is Freecharge, based on the layout and the reverse image search techniques conducted.


[Image 1]

[Image 2]


The seller is still actively selling it.


  • February 2021 – Indian Trading Brokers (5 Sites) (Total 109K Client) is given away for free in monetary terms. The contents can be unlocked with the forum’s currency, which can be acquired by purchasing it with real money. The details extracted from this breach mention prominent and reputable banks in India, which makes it a potential privacy concern for the clients and individuals involved in each trading account. The exposed data are namely:



[Image 3]


  • February 2021 – Indian Engineers Database. 2021 is the wrong time to be an engineer in India, because hackers will show no mercy. Two files expose the personally identifiable information of numerous individuals:
    1. Engineers – 46568 rows. Headers: Company, Name, Mobile, Email, Address, Pincode, City, Website, Category, State
    2. Service Engineers – 43564 rows. Headers: Company Name Mobile Email Address City State Category


[Image 4]


  • March 2021 – Indian Bank Database. The whole database, the seller says. It is going to hurt a lot, whichever bank this is. The seller has not responded through any of the contact methods we tried.


Here are the allegedly exposed data:

1. customers information (password, email, username, session, IP address, …)
2. admins username and password
3. transaction history
4. all branches info
5. all information users account statement
6. admin track request
7. site setting
8. all messages sent by a customer to the bank

and a lot of info and data in the database


He is selling it for 1000 USD; the price can go up, with the database going to the highest bidder. 1000 USD is a “too good to be true” price. What if nobody bids on it? The identity of the bank is still unknown.


[Image 5]



  • March 2021 – 3 million Indian accounts. This is not an actual data breach of one organization but a COMBO: a compilation of several different breaches, with the usernames and passwords stored together in a file. I can say that the COMBO has good stuff from the Indian region. Most are webmails, but some belong to corporations.


[Image 6]


It is noticeable that most of the dark web forum leakers use newly registered accounts. It is safe to say that these Database Merchants are practicing safety by not exposing their main accounts. Instead, they use a throw-away account to protect their real identity and, at the same time, preserve the “good” standing of their main accounts.

There is so much more where these came from. We listed what we believed to be controversial and alarming. iZOOlogic advises each individual to protect their accounts by regularly changing passwords and activating multi-factor authentication to avoid getting hacked, which can potentially lead to a more extensive data breach.


