Personal Data of 7 Million Indian Credit, Debit Cardholders Leaked Through Dark Web

The leaked data appears to have some records that dates back to 2004.

Personal Data of 7 Million Indian Credit, Debit Cardholders Leaked Through Dark Web

The leaked data exposes income levels and even first swiping amount of individuals

Highlights
  • A researcher discovered a link carrying the data on dark Web
  • It included information such as PAN card numbers and employer details
  • The researcher was able to verify the leaked details

Sensitive data related to around seven million credit and debit cardholders has surfaced online through dark Web, according to a security researcher. The data included not only the names of affected Indian cardholders but also their mobile numbers, income levels, email addresses, and Permanent Account Number (PAN) details. It is available for download through a Google Drive link. The link is open for public access and is said to be in circulation on the dark Web for some days now.

Cybersecurity researcher Rajshekhar Rajaharia discovered the Google Drive link from the dark Web earlier this month. It was in circulation with the title “Credit Card Holders data” by some anonymous people, Rajaharia said.

The link, that was shared with Gadgets 360, included 59 Excel files that contained the data including the full names, mobile numbers, cities, income levels, and email addresses of cardholders. It also included PAN card numbers, employer details, and type of bank account linked with the employers of the affected credit and debit card users. However, the leaked data doesn't include the bank account and card numbers of the victims.

Rajaharia told Gadgets 360 that he was able to verify some names listed in the Excel files by finding them on LinkedIn or searching the surfaced mobile numbers on caller ID app Truecaller. He even found his name there while verifying the details.

Although the data doesn't contain any clear references to the banks whose cardholders' details have been leaked, it includes the first swipe amount for most of the cardholders. There are also details to show whether the affected cardholders enabled mobile alerts on their phones.

“The data may belong to some third party that provides service or leads to banks,” Rajaharia said, who initially reported the leak to Inc42.

The exact period from which the data has been leaked is unclear. However, it is likely to include details from mostly between 2010 and early 2019. In some cases, though, the data exposed cardholders' information dating back to 2004.

“The data is related to financial products, and since most of the people exposed are professionals, it's quite expensive,” noted Rajaharia.

Gadgets 360 has reached out to CERT-In for clarity on the leak and will update this space when the agency responds.

Experts believe that being a financial data leak, the information available through the dark Web could be used by attackers for phishing and malware attacks. Karmesh Gupta, CEO of cybersecurity firm WiJungle, told Gadgets 360 that the data surfaced might also used to initiate fraud calls.

"One of the fortunate thing is that leaked data is of employees of multinationals & large corporates and since major of them are cyber-aware so they are less likely to be the victim," said Gupta. "On the other hand, the bad part is since it is difficult to identify whom this data belongs to so it will be difficult to aware the compromised users about such a leak formally until someone comes forward and do it selflessly for the betterment of society."

This is not the first time when sensitive information of a large number of individuals in India has been exposed online. In October, the personal website data of Prime Minister Narendra Modi surfaced on the dark Web. The data leak reportedly included names, email addresses, and mobile numbers of lakhs of individuals. Last year, debit and credit card data of over 1.3 million Indian banking customers was also put on sale on the dark Web by cybercriminals.


Should the government explain why Chinese apps were banned? We discussed this on Orbital, our weekly technology podcast, which you can subscribe to via Apple Podcasts, Google Podcasts, or RSS, download the episode, or just hit the play button below.

Comments

For the latest tech news and reviews, follow Gadgets 360 on Twitter, Facebook, and Google News. For the latest videos on gadgets and tech, subscribe to our YouTube channel.

Jagmeet Singh writes about consumer technology for Gadgets 360, out of New Delhi. Jagmeet is a senior reporter for Gadgets 360, and has frequently written about apps, computer security, Internet services, and telecom developments. Jagmeet is available on Twitter at @JagmeetS13 or Email at jagmeets@ndtv.com. Please send in your leads and tips. More
Google Health Studies App for Android Will Let Users Participate in Research Studies
Read in: हिंदी
Share on Facebook Tweet Snapchat Share Reddit Comment
 
 

Advertisement

Advertisement

© Copyright Red Pixels Ventures Limited 2021. All rights reserved.
Listen to the latest songs, only on JioSaavn.com