2.9 crore Indian job seekers’ data leaked on Dark Web: Report
By Kosha Doshi:-
In a startling revelation, cybersecurity researchers have claimed that a hacker has posted personal details of nearly 2.9 crore Indian job seekers at one of the hacking forums on the Dark Web for free. As part of the regular sweep over the Deep Web and Dark Web, researchers from cybersecurity firm Cyble came across an interesting item, where a threat actor posted 2.3GB (zipped) file on one of the hacking forums. “The leak actually has a lot of personal details of millions of Indians Job seekers from different states,” Cyble said in its blog on Friday.
During these times of lockdown on one hand people from all across the globe are spending more time online to keep themselves busy and entertained; and on the other cybercriminals are taking advantage of this increasing time to benefit from the health crisis. Our fear during this pandemic becomes an opportunity for the cyber criminals to feed and take advantage from our fear. The World Health Organization (WHO) has recently warned the public about suspicious email messages which attempt to take advantage of the COVID -19 emergency situation.
There have been reports of hacking attempts against WHO’s own computer system during this outbreak crisis. Reports suggest cyber criminals might be looking for information in regard to cures, tests and vaccines which they might hold for ransom or disrupt the operability. But why should an individual fear? As people are panicking, they are using internet as a source to obtain whatever information possible for protecting themselves. Individuals search for more and more information on the COVID-19 due to their curiosity but this might be dangerous. Hackers are waiting at the other side, wherein they try to hack into people’s accounts. India has already witnessed several instances of cyber-crimes during this situation.
This breach includes sensitive information such as email, phone, home address, qualification and work experience etc from job seekers spanning across states, from New Delhi to Mumbai and Bengaluru. Cybercriminals are always on the lookout for such personal information to conduct various nefarious activities such as identity thefts, scams, and corporate espionage. “It appears to have originated from a resume aggregator service given the sheer volume and detailed information,” it added.
Cyble indexed this information at ‘AmIbreached.com; – Cyble’s data breach monitoring and notification platform. “Cyble researchers have identified a sensitive data breach on the darkweb where an actor has leaked personal details of nearly 29 million Indian job seekers from various states. Cyble’s team is still investigating this further and will be updating their article as they bring more facts to the surface,’ it said in a statement.
Cyble said it has acquired the leaked data. The same cyber security firm earlier exposed that Bengaluru-based edtech firm Unacademy was hacked. According to Cyble researchers, nearly 22 million Unacademy user accounts were affected and the data was dumped and sold on Dark Web. ‘We would like to assure our users that no sensitive information such as financial data or location has been breached,” said Hemesh Singh, Co- Founder and CTO, Unacademy, in a statement.
In April, hackers sold personal data of a whopping 267 million Facebook users for just Rs 41,500 (approximately 500 Euros) that includes email addresses, names, Facebook IDs, dates of birth and phone numbers. No passwords of the 267 million Facebook users were exposed by the hacker, according to Cyble.