Alleged user data of Bharat matrimony for sale on DarkWeb

Despite increase in security, hackers and threat actors worldwide always seem to find a way around safety measures. From conglomerates to banks, no target is too big a target for them. The impact of the damages cost may be in millions or in some cases even in billions. 

Cyble came across a DarkWeb post where a threat actor claimed to be in possession of user data from BharatMatrimony.com. Bharat Matrimony caters to a considerable customer base beyond India. The company has offices in India, Dubai, Sri Lanka, United States and Malaysia.

This illegal possession includes the database of BharatMatrimony along with other matrimony sites such as EliteMatrimony. Close to 3+million unique lines of emails and passwords in clear text format are involved. 

The threat actor alleged to have exploited an SQL Injection vulnerability on their platform and leveraged that to extract their databases and users records. The actor is actively selling the database in various cybercrime forums for as low as USD 500 equivalent Bitcoins and has also revealed information such as server details of BharatMatrimony along with the list of all 46 databases.

According to the threat actor, the issue has been fixed

The details of the database named as ‘matrimonyms’ lists all attributes related to sensitive user information which are available for sale. 

The list contains information such as:

1. Contact numbers
2. Login credentials
3. Family details
4. Caste details

Cyble contacted Bharat Matrimony for their comments. Sharing the response below –

“We are aware of a security issue that has been reported to us recently. As per our investigation, there has been no breach of our current active database of customers. What has been reported belongs to an old database and no sensitive information has been compromised, as we continue to follow highest order of industry encryption for our customers.

Security is a high priority focus area which is continuously monitored through technology advancements and interventions. We assure you that we remain 100% committed to it.”

People who’re concerned about their information exposure can register on Cyble’s AmiBreached.com platform to ascertain the risks. Also, android users (Link) and iOS users (Link) can gain full access to AmiBreached platform by downloading the mobile application.

We recommend people to:

1. Never share personal information, including financial information over the phone, email or SMSs
2. Use strong passwords and enforce multi-factor authentication where possible
3. Regularly monitor your financial transaction, if you notice any suspicious transaction, contact your bank immediately.
4. Turn-on automatic software update feature on your computer, mobile and other connected devices where possible and pragmatic
5. Use a reputed anti-virus and internet security software package on your connected devices including PC, Laptop, Mobile
6. People who are concerned about their exposure in darkweb can register at AmiBreached.com to ascertain their exposure.

About Cyble

Cyble is a global threat intelligence SaaS provider that helps enterprises protect themselves from cybercrimes and exposure in the darkweb. Cyble’s prime focus is to provide organizations with real-time visibility into their digital risk footprint. Backed by Y Combinator as part of the 2021 winter cohort, Cyble has also been recognized by Forbes as one of the top 20 Best Cybersecurity Startups To Watch In 2020. Headquartered in Alpharetta, Georgia, and with offices in Australia, Singapore, and India, Cyble has a global presence. To learn more about Cyble, visit www.cyble.io.