On April 29, 2021, a Threat Actor (TA) posted on a cybercrime forum claiming to be in possession of 130 million records of India-based Customs data. Our research indicates that the TA has been quite active on the forum, selling a variety of datasets that directly affect various countries.
Figure 1 shows the post made by the TA in the cybercrime forum.

Figure 1: Forum Post
On further investigation, Cyble researchers found that the leaked data contains information on ports. It includes Port names, Import and Export Date, Importer name, Importer Address, Supplier name, Supplier Address, Invoice details, Pricing information, Exchange rates, and Importer-Exporter Code.
Figures 2 and 3 depict the attributes of the data.

Figure 2: Data Attributes

Figure 3: Data Attributes
Figures 4 and 5 display samples of the leaked data.

Figure 4: Sample Data 1

Figure 5: Sample Data 2
As per our investigation, the leaked dataset is huge, containing unique records of:
- 228 Indian ports,
- 150,992 importers from 2019,
- 135,003 importers from 2020,
- 690,519 buyers from 2019,
- 624,855 buyers from 2020,
- 158,208 exporters from 2019, and
- 149,569 exporters from 2020
Data leaks like this can adversely impact industries such as Retail and Manufacturing as the leaked information may reveal competitor strategy and pricing details. Apart from this, the leaked information can be further misused by cybercriminals to launch targeted phishing attacks on individual ports, importers, and exporters.
Security Recommendations:
Following are some of the essential cybersecurity best practices that help create the first line of control against attackers. We recommend that our readers follow the best practices given below:
- Never share your personal information, including financial information, over the phone, email, or SMS.
- Use tough-to-guess passwords and implement multi-factor authentication.
- Make it a habit to keep a watch on your financial transactions, and if you notice any suspicious activity, contact your bank immediately.
- Turn on the automatic software update feature on your computer, mobile, and other connected devices wherever possible and pragmatic.
- Use a reputed anti-virus and Internet security software package on your connected devices, including PC, laptop, and mobile.
- People concerned about their exposure on the Dark web can register at AmIBreached.com to ascertain their exposure.
- Never open untrusted links and email attachments without verifying their authenticity.
About Cyble:
Cyble is a global threat intelligence SaaS provider that helps enterprises protect themselves from cybercrimes and exposure in the darkweb. Cyble's prime focus is to provide organizations with real-time visibility into their digital risk footprint. Backed by Y Combinator as part of the 2021 winter cohort, Cyble has also been recognized by Forbes as one of the top 20 Best Cybersecurity Startups To Watch In 2020. Headquartered in Alpharetta, Georgia, and with offices in Australia, Singapore, and India, Cyble has a global presence. To learn more about Cyble, visit www.cyble.com.