As many of you might have heard about this, Yatra.com faced a data breach in 2013, and the breach knowledge became public in 2018. However, the full/raw breached data remained “somewhat” private for a few years!
A few weeks ago, and as part of our regular deepweb and darkweb sweeps, we identified a credible actor in one of the darkweb markets who was selling the full (raw, SQL) database of Yatra.com. Typically, we would pass this old breach. But we were intrigued at the same time, on why would someone even put a price point on it, as passwords are generally useless /expires within the first month of the initial breach (yeah we understand credential stuffing, but this is still quite old!) and yes, emails are there (but where it isn’t!).
Upon further analysis, we looked into the various fields of the database to assess if this OLD breach still has any risk to our subscribers. And we got the indication that the actor was up to something!
Clearly, there is a lot of interesting fields which may not have changed for everyone, including email, DOB, address, mobile number, landline (perhaps) and would be of interest to cybercriminals – and hence it has some value.
Ultimately, we decided to acquire this raw database for further validations, which included over 5 MILLION+ Indian accounts, with all of the above fields.
What’s next: The information has been indexed at Cyble’s data breach monitoring and notification platform -AmiBreached.com, and we have started notifying our existing subscribers about it as well.
Considering the nature of this data leak (and that too at such a low price point), it is expected this will likely fall into the hands of various cybercrime gangs, who might use this information for various nefarious purposes including KYC scams, Identity Thefts, Banking Frauds etc. Accordingly, we recommend people to stay vigilant and maintain good cyber hygiene.
We recommend people to:
- Never share personal information, including financial information over the phone, email or SMSs
- Use strong passwords and enforce multi-factor authentication where possible
- Regularly monitor your financial transaction, if you notice any suspicious transaction, contact your bank immediately.
- Turn-on automatic software update feature on your computer, mobile and other connected devices where possible and pragmatic
- Use a reputed anti-virus and internet security software package on your connected devices including PC, Laptop, Mobile
- People who are concerned about their exposure in darkweb can register at AmiBreached.com to ascertain their exposure.