Amid the COVID-19 outbreak, India has encountered a significant data breach, reported on the 24th of May. The cybersecurity firm Cyble said that 29 million user credentials have been leaked on the dark web. Cyble researchers spotted the breach in a post by an anonymous entity on an unknown hacking forum. The entity further added that the instance is no longer accessible. Security researchers are examining the matter. In the last few days, another threat actor has also dumped almost 2,000 Aadhaar card user credentials (Indian identity cards) on the same hacking forum.
Based on the filename, it appears to have originated from 2019.
Upon further analysis, it appears that the actor (as above; related to the Aadhaar info) also dumped user data of 1.8 million Madhya Pradesh citizens on the forum.
Insights of the data breach
The cybersecurity firm has uploaded this information to its data breach monitoring and management platform, Amibreached.com. Users who are concerned about leakage of their data can assess their risk by enrolling on the platform. According to the cybersecurity intelligence firm, the user data of about 29 million (2.9 crore) Indian job seekers has been leaked on the dark web for free. It's been a complete security failure from the other end.
The firm said in its official blog post that it came across a 2.3 GB zipped file, posted on a hacking forum by a threat actor, carrying the personal data of job seekers from different states.
The firm reported that it has yet to find the actual source of the leak. Given the level of detail in the information, security personnel say that the data could have been obtained from underground threat intruders. The firm concludes that the data set carries users' credential information from states across India.
Upon further investigation, it was found that the main source of the leak was a resume aggregator service that was collecting data from several known job portals. The cybersecurity firm said that it is still investigating the consequences and will post any new information on its official blog.
We see this sort of data breach all the time. Still, this time the message header grabbed users' attention, as it included a lot of private details that are generally kept hidden, such as education, age, address, etc.
And we are not wrong. The leak contains a lot of personal details of millions of Indian job seekers from different states.
In its detailed blog post, the security personnel from Cyble said that the data extracted from the breach includes information such as email, phone, home address, academic qualification, work experience, job details, and more.
Underlining the severity of the data leak, officials stated that “Cybercriminals are always on the lookout for users’ credential information to carry out various evil activities such as identity theft, phishing scams, and corporate surveillance.”
Why do hackers choose the dark web?
The dark web is a hacker’s paradise. The web we usually surf is called the surface web. It comprises only 10% of the internet, while 90% remains hidden and is not accessible to everyday users. To access the dark web, or encrypted web, you require a different browser called “TOR or ONION circuit.” This makes it challenging to identify the real IP address of the user at the other end.
The contents are hidden behind HTTP forms. Hackers use the dark web especially for anonymity. Whenever a data breach occurs, actors tend to sell the data on the dark web rather than the surface web. That’s because whenever you transmit data over the internet, you leave some traces that allow a cyber forensic team to track them back to the real host.
Prashant is a student of Computer Science and Engineering at NIT Allahabad. He is also a web pentester and cybersecurity analyst. He may be an introvert and sociable person at the same time. He loves meeting new people and is on a journey to explore himself. He is currently working as a content writer at BLARROW.TECH.