Ever since the coronavirus lockdown started, there's a spike in the number of cyberattacks. In another major leak, personal sensitive data of over 1 lakh Indians have been leaked. Scanned copies of hundreds and thousands of Indians have appeared on the dark web, researchers at cyber intelligence firm Cyble revealed on Wednesday.
The leaked documents dumped online include scanned copies of Indian passports, PAN cards and Aadhaar cards. All the documents have been put on sale on the dark web by a non-reputed hacker.
"We came across a non-reputed actor who is currently selling over 1 lakh Indian National IDs on the dark net. With such a low reputation, ideally, we would have skipped this; however, the samples shared by the actor intrigued our interest -- and also the volume. The actor is alleged to have access to over 1 lakh IDs from different places in India," Cyble said.
What's the risk?
Anyone who gains access to the leaked documents could exploit it for nefarious purposes, such as identity thefts, scams and corporate espionage. These legit identification proofs could be used to gain trust of people in carrying out frauds over the phone or the internet.
But the researchers found that the leaked data hasn't been obtained from the government system, but is of third-party origin.
"Preliminary analysis suggests that the data originated from a third party, and no indication or artefact is indicating that it came from a government system. At this point, Cyble researchers are still investigating this further -- we are hoping to share an update soon," Cyble said.
Shockingly, this is not the first time such high volume data on Indians has been leaked on the dark web. Cyble had recently discovered that personal details of 4.75 crore Indians sourced from Truecaller was put on sale on the dark web. Truecaller, however, denied any breach in its database.
What should you do?
Due diligence in sharing personal info with anyone can go a long way. People are advised never to share personal information, especially financial details, over the phone, SMS or email. Always monitor your financial transactions and keep an eye out for suspicious transactions. Do not use the same password for multiple accounts, especially in case of online banking credentials.