A hacker sold millions of records of Indian police on the dark web

March 15, 2023
Hacker Stolen Records Data Leak India Indian Police Dark Web Security Breach

On March 13, a dark web hacker who goes by the username of ‘Tailmon’ published a post claiming that they are selling more than 900 million records and documents of Indian police, totalling about 600GB of the alleged stolen database.

Our iZOOlogic researchers discovered this issue during a routine threat monitoring of the dark web. According to the findings, the threat actor attained records from the declared victim, which included legal documents related to accused and arrested people, police reports, and court cases.


The source of the alleged stolen Indian police records has not been revealed.


With the limited information shared by the threat actor in this report, the source of the alleged stolen records from the Indian police has also not been revealed. Moreover, the declared victim has also yet to release a statement to confirm or refute the claims of Tailmon.

Thus, the lack of additional information from the threat actor and confirmation from the victim deems the data breach claims unconfirmed. Even though it is unconfirmed, our iZOOlogic experts still warn the declared victim – the Indian police – to closely investigate the claimed data breach attack from the threat actor and implement robust security protocols as appropriate.

Tailmon has also not shared how much they are selling the stolen database.

On the other hand, the threat actor’s post mentioned that the stolen documents they were selling had been compiled in a JSON format of an OCR (optical character recognition), which converts an image of a text into a machine-readable format.

A sample of this file was also shared in the post via a screenshot, supposedly proving the threat actor’s claims to be true. Our researchers’ observation of the shared screenshot showed a table of names of accused people alongside their gender, age, father or spouse name, address, PS of residence, district, PS name, and case or GDE reference.

Our threat monitoring team will continue to probe this issue and provide updates should they ensue.

About the author

Leave a Reply