![]() ![]() ![]() The data comprised names, email IDs, password hashes, PINs, mobile numbers, addresses, dates of birth, locations, and IP addresses. Part of a database containing the personal information of close to 20 million users was available with a price tag of 3 million rupees ($40,000), Cyble said on November 7. BigBasket user data for sale onlineĭetails: User data from online grocery platform BigBasket is for sale in an online cybercrime market, according to Atlanta-based cyber intelligence firm Cyble. The user data is up for sale on the dark web for around $5000, according to independent cybersecurity researcher Rajshekhar Rajaharia. The theft took place last August, it said. User data from Juspay for sale on dark webĭetails: Details of close to 35 million customer accounts, including masked card data and card fingerprints, were taken from a server using an unrecycled access key, Juspay revealed in early January. He added that the government ought to take quick measures to reduce the risk of a similar breach from reoccurring and invest in a comprehensive information security program in partnership with trusted security platform providers. Niamh Muldoon, senior director of trust and security at OneLogin said: “What we are seeing here is a failure to educate and enable employees to make informed decisions on how to design, build, test and access software and platforms that process and store sensitive information such as patient records.” Furthermore, the URL structures indicated that the reports were hosted on the same CMS system that government entities typically use for posting publicly accessible documents. The leaked information included patients’ full names, dates of birth, testing dates and centers in which the tests were held. The agencies in question were found to be located in New Delhi. What’s particularly worrisome is that the leaked data hasn’t been put up for sale in dark web forums, but is publicly accessible owing to Google indexing COVID-19 lab test reports.įirst reported by BleepingComputer, the leaked PDF reports that showed up on Google were hosted on government agencies’ websites that typically use *.gov.in and *.nic.in domains. Impact: At least 1500 Indian citizens (real-time number estimated to be higher)ĭetails: COVID-19 lab test results of thousands of Indian patients have been leaked online by government websites. COVID-19 test results of Indian patients leaked online In February, hackers isolated the information of army personnel in Jammu and Kashmir and posted that database on a public website. This is the second instance of army or police workforce data being leaked online this year. The threat-intel firm was also able to confirm the authenticity of the breach by matching mobile numbers with candidates’ names. The information shared by the company shows that the leaked information contained full names, mobile numbers, email IDs, dates of birth, FIR records and criminal history of the exam candidates.įurther analysis revealed that a majority of the leaked data belonged to candidates from Bihar. The seller shared a sample of the data dump with the information of 10,000 exam candidates with CloudSEK. Threat intelligence firm CloudSEK traced the data back to a police exam conducted on 22 December, 2019. Police exam database with information on 500,000 candidates goes up for saleĭetails: Personally identifiable information of 500,000 Indian police personnel was put up for sale on a database sharing forum. Upstox apologised to customers for the inconvenience, and sought to reassure them it had reported the incident to the relevant authorities, enhanced security and boosted its bug bounty program to encourage ethical hackers to stress-test its systems.
0 Comments
Leave a Reply. |
AuthorWrite something about yourself. No need to be fancy, just an overview. ArchivesCategories |