Alon Gal, CTO of cybersecurity firm Hudson Rock claimed that credit card details of over 10 lakh customers of Domino’s Pizza India are being sold for Rs 4 cr on the Dark Web. Cybercriminals have claimed to have hacked Domino’s India database worth 13TB and are looking to earn $550,000 (approx Rs 4 cr ) from the database. They are also planning to build a search portal to enable querying the data. Domino’s India is yet to officially speak over the leak.
Independent cybersecurity researchers Rajshekhar Rajaharia has claimed that KYC data of around 3.5 mn users of MobiKwik is up for sale on the Dark Web. French researcher Elliot Alderson, verifying the breach, said that the 8.2TB of data contains users’ phone numbers, emails, hashed passwords, addresses, bank accounts and card details. MobiKwik, which is planning an IPO this year to raise $200-250 mn, denied the breach.
Rajshekhar Rajaharia, an independent cybersecurity researcher, said that data of nearly 10 cr credit and debit card users of India was being sold on the Dark Web via cryptocurrency Bitcoin. The massive data, according to Rajaharia, has been leaked from a compromised server of payments gateway Juspay. The Bangaluru based firm said that no financial data were compromised during the Aug 2020 cyber-attack and the actual number was much lower than 10 cr.
Cyber-attacks have cost Russian firms and citizens up to $49 bn in 2020 as the number of crimes linked to bank cards has shot up by 500%, the country’s largest lender Sberbank said. The private sector remained the most vulnerable as everything from the accounts to financial data and documents was targeted. Over 2.3 mn darknet accounts operating in Russian offer the stolen data. Russians may lose as much as 10 bn roubles from phone fraud this year alone.
The cyber intelligence firm Cyble has claimed that data belonging to 2 cr users of BigBasket has been put on sale for around Rs 30 lakh on the dark web. The data include names, email IDs, password hashes, contact numbers, addresses, DOB, location, IP addresses, etc. BigBasket has filed a complaint with the Bengaluru Cyber Crime Cell to verify claims of the data breach. Cyble said that breach occurred on October 30, 2020.
Deep web and dark web are often used interchangeably while talking about internet crimes; But they’re not same. Deep web comprises 90% of the internet and is its second layer. Data here is encrypted and can be accessed by a unique username password combination. Dark web is the subset of deep web. While deep web mostly has good and bad data, dark web is mostly illicit. It requires special software for access to avoid tracking of users’ IP address.
Aadhaar, PAN card and passport copies of over 1 lakh Indians are available for sale on the dark web said cyber intelligence firm Cyble. The data seems to be originated from a third-party organisation and not form any government body. The personal data leak leads to various cyber crimes including identity thefts, scams, and corporate espionage. Besides, criminals use personal details to build trust over a phone call or emails for fraudulent activities.
Cybercriminals leaked personal data of 2.9 cr job-seeking Indians, such as email, phone, address, qualification, work-ex, on the dark web for free, claimed Cyble. Names of some of the leading job websites also appeared on the screenshot in the blog posted by the online intelligence firm. The leak appeared to have originated from a resume aggregator. The company had recently revealed the hacking of Facebook and Sequoia-funded Indian education technology firm Unacademy.
Email ids, passwords, mobile numbers and IP addresses of around 3.5 mn Zoomcar subscribers are up for sale on the Dark Web, claimed cybersecurity consultant Rajshekhar Rajaharia. The data, available for $300, said to be of the year July 2018. Dark Web is the cyberspace where content is encrypted and cannot be searched using normal search engines. Hackers sell data after a year of the breach as it makes it difficult for law enforcement agencies to track them.