India-focused Data Repository of About 100GB Leaked on A Cybercrime Forum

India is a global technology leader in the world, with over 600 million users on the Internet. Home to the second-largest Internet populations in the world, it is no surprise that there has been a steady increase in the volume of cybercrime in India. With an upward trend in the data-driven digital economy in India, the breach of sensitive data and critical personal information are a constant threat.

Based on data from the Indian Computer Emergency Response Team (CERT-IN), the government agency responsible for tracking and responding to cybersecurity threats, over 3.13 Lakh cybersecurity incidents were reported in 2019 alone. A survey conducted by the security firm Barracuda Networks, a California based leader in the field of data protection, revealed that about 66% Indian companies reported at least one data breach since the rapid shift to the work-from-home structure.

On December 1, 2020, Cyble Research Team found a post on a Russian-speaking forum where the threat actor claimed to be in possession of a large amount of data of Indian citizens.

The leak contains 137 Zip files with multiple xlsx files within each. Overall, the size of the combined data is close to 28.9GB in zipped archives which when extracted yields about 103GB data. These datasets are dated between year 2016 to 2020. Initial analysis shows records containing sensitive Personally Identifiable Information (PII) ranging from birth dates, PAN details, salary information, phone numbers, and email address, etc.

A part of the data seems to have been taken out of yellow-pages or marketing databases sellers that allow marketers to target their prospect customers. The leak also includes data from a few companies, and there is a possibility that this data may have been leaked or made available for trade in the past. Cyble has analyzed the bulk of the data and is involved in further investigation for more details on the source of the data.

The diversification of this huge data repository has been quite concerning as the critical database files are made available in categories such as:

  • CEO, CFO, CTO, and CMO
  • Government Employees
  • Credit Card Holders
  • Debit Card Holders
  • HNI & High-Income Employee 5 Lac
  • B2B and B2C SME Business Corporate Industries
  • D-Mat Account Holders
  • Car Owners
  • NRIs
  • HR- Human Resources
  • IT Companies

Here are a few screenshots from the discovered database; most of these files are dated around February 2018.

Credit Card Holders (30 Lakhs+ rows)

Debit Card Holders (7 Lakh+ rows)

NRI (1 Lakh+ rows)

As shown in the image below, threat actor’s comment on the forum discussion mentions the website on the surface Internet selling the Credit Card Holder database for as low as Rs.599. Cyble has also found the same database links has been shared on GitHub; possibly by another threat actor.

Public reports have clearly stated that India is an attractive target for cybercriminals for a host of reasons ranging from motives of financial gain to geopolitical agendas. With the leak of such diverse and sensitive data, we suspect a potential increase in spamming and phishing incidents targeting Indian citizens. Cyble believes that there may be more such websites selling sensitive user data, which is quite concerning because this compromises the privacy and security of numerous Indian citizens. 

Cyble has alerted CERT-IN about this incident along with research findings on 2nd December,2020.

The threats associated with data security are on the rise, especially due to the emergence of new business models and advances in technologies. It is virtually impossible to exist in modern society without submitting at least some personal details online, which increases the avenues of data theft. Cyble believes that a strong disclosure culture once a data breach has been discovered is a necessary step towards proactive threat mitigation. We believe that data breach disclosures in India should be made mandatory under the data security regulatory framework of the Personal Data Protection Bill, 2019.

People who are concerned about their information exposure can register on Cyble’s data breach monitoring and notification platform, AmiBreached.com, to ascertain the risks at no cost. Also, Android users (Link) and iOS users (Link) can gain full access to it just by downloading the mobile application.

Here are a few ways to prevent cyber-attacks:

  • Never click on unverified/unidentified links
  • Do not open untrusted email attachments
  • Only download media from sites you trust
  • Never use unfamiliar USBs
  • Use security software and keep it updated
  • Backup your data periodically
  • Keep passwords unique and unpredictable
  • Keep Software and Systems up to date
  • Train employees on Cyber Security
  • Set up Firewall for your internet
  • Take a Cyber Security assessment
  • Update passwords regularly

About Cyble

Cyble is a global threat intelligence SaaS provider that helps enterprises protect themselves from cybercrimes and exposure in the darkweb. Cyble’s prime focus is to provide organizations with real-time visibility into their digital risk footprint. Backed by Y Combinator as part of the 2021 winter cohort, Cyble has also been recognized by Forbes as one of the top 20 Best Cybersecurity Startups To Watch In 2020. Headquartered in Alpharetta, Georgia, and with offices in Australia, Singapore, and India, Cyble has a global presence. To learn more about Cyble, visit www.cyble.io.    

Recent Blogs

Colombia OT Devices Blog

CRIL investigates the evolving threat landscape of hacktivism leading to cyberattacks on Colombian Critical Infrastructure and Zero-day Sales by Hacktivists.

Read More »
Bl00dy Ransomware Targets Indian University

CRIL analyzes Bl00dy Ransomware’s recent targeting of an Indian University via exploitation of the PaperCut vulnerability.

Read More »
PixBankBlog ATS Blog

Cyble analyzes PixBankBot, a new ATS-based malware that targets Brazilian banks through the popular Pix instant payment platform.

Read More »
Scroll to Top