Update 06/06: Another ~60,000 IDs have been released by the same actor and have been acquired by Cyble researchers. At this point, we are still investigating the actor, but the entity (Mandarin-speaking) appears to have access to a significant amount of data related to Indians. So far, Cyble has acquired 260 GB of data or IDs related to Indian citizens. The actor is now unreachable and appears to have changed its alias for unknown reasons, likely because of probes by Cyble's researchers. Cyble's investigation is underway.
03/06 Update: Cyble has acquired the leak from the actor and confirms that there are over 110,000 IDs in the dump!
Based on file details, the files appear to have originated from 2017 to 2020. Cyble is investigating the files to determine the source of this leak.
The last 4 weeks have been quite busy for our researchers, during which Cyble reported a number of massive leaks such as the Taiwanese Data Leak, Weibo, Credit Cards, Truecaller, Indian JobSeekers and several others.
In this instance, we came across an actor without an established reputation who is currently selling over 100,000 Indian national IDs on the darknet. With such a low reputation, ideally, we would have skipped this; however, the samples shared by the actor piqued our interest, as did the volume. The actor claims to have access to over 100,000 IDs from different places in India. The total size of the data is alleged to be over 100 GB!
Cyble researchers have acquired samples of the data and confirmed that the IDs belong to Indian nationals. The samples (~1000) included passports, PAN cards, voter cards, Aadhaar cards, driver's licenses, etc.
Based on the samples, the actor's claims appear to have substance.
Source of the leak: Preliminary analysis suggests that the data originated from a third party, and there is no indication or artefact suggesting that it came from a government system. At this point, Cyble researchers are still investigating this further, and we are hoping to share an update soon.
Cyble researchers have also learned about a surge in KYC and banking scams. Leaks such as this are often used by scammers to target individuals, especially the elderly.
We recommend that people:
- Never share personal information, including financial information, over the phone, email or SMS
- Use strong passwords and enforce multi-factor authentication where possible
- Regularly monitor your financial transactions; if you notice any suspicious transaction, contact your bank immediately
- Turn on the automatic software update feature on your computer, mobile and other connected devices where possible and pragmatic
- Use a reputed anti-virus and internet security software package on your connected devices, including PC, laptop and mobile
- If you are concerned about your exposure on the dark web, register at AmiBreached.com to ascertain your exposure
Cyble is a US-based cyber threat intelligence company with the express mission to provide organizations with real-time views of their supply chain cyber threats and risks.