Hyderabad: Data of nearly five lakh credit and debit cards of Indians was put on sale on the dark web, compromising their financial security.
The illegal database was discovered by Singa-pore-based cybersecurity firm Group-IB. This is the second such discovery in four months.
In October 2019, the Singapore firm had discovered a database containing records of nearly 13 lakh cards on a popular cardshop on the dark web.
With more unsuspecting people opting digital payments in the country and poor safety practices, India has become an easy target for nefarious actors.
While the source of the latest leak remains unknown, nearly 98 per cent of the records are from some of the biggest Indian banks. Moreover, not only does the database reveal very sensitive information such as card numbers, expiration dates, CVV/CVC codes, it also reveals the cardholders’ full name, emails, phone numbers and their addresses, the cybersecurity firm said.
According to the Group-IB, cybercrime research unit head, Dmitry Shestakov, “Such type of data is likely to have been compromised online — with the use of phishing, malware, or JS-sniffers. While in the previous case, we dealt with card dumps (the information contained in the card magnetic stripe), which can be stolen through the compromise of offline POS terminals, for example. We have shared all the information discovered with our colleagues from CERT-In.”
Meanwhile, The Takshashila Institution’s Rohan Seth urge Indians need to take greater care about their digital safety.
He said, “India is sort of a paradox when it comes to adopting data practices. Owing to our large population size, we need the best practices, but if experience is anything to go by, we are not willing to do a lot to adopt them. India is reportedly the second most affected country due to cyberattacks, Almost 70 per cent organizations are at risk of a data breach and in 2019, Indian organizations lost `12.8 crore to data breaches. Indian organizations have been guilty of leaving parts of their websites exposed. So information that should only be accessible to people with a username and password, comes up indexed in Google, allowing anyone to access it. There have also been reports of Aadhar data being stored and transported in hard disks.”