DARK WEB: 2.9 CRORE INDIAN JOB SEEKER’S DATA LEAKED – ADVISORY BY “MAHARASHTRA CYBER CELL“
– By MEGHA MALHOTRA
As an alarming disclosure, cybersecurity analysts guaranteed that a hacker has posted personal details of nearly 2.9 crore Indian job seekers at one of the hacking forum discussions on the Dark Web for free.
As a major aspect of the regular sweep over the Deep Web and Dark Web, analysts from cybersecurity firm “Cyble” came across an interesting and fascinating thing, where a threat entertainer posted 2.3GB (zipped) file on one of the hacking forums. According to The latest blog post by Cyble on Friday “The leak basically encompassed a lot of personal details of millions of Indians Job seekers from different states.”
This breach includes delicate data such as email, phone, home address, qualification and work experience etc from job seekers spanning across states, from New Delhi to Mumbai and Bengaluru.
Cybercriminals are consistently on the lookout for such personal information to conduct various nefarious activities like identity thefts, scams, and corporate espionage. Cyble indexed this data at ‘AmIbreached.com : Cyble’s data breach monitoring and notification platform.
“Cyble researchers have recognised a sensitive data breach on the darkweb where an actor has leaked and disclosed the personal details of nearly 29 million Indian job seekers from various states. “Cyble’s team is still investigating this further and will be updating their article as they bring more facts to the surface,’ it said in a statement. Cyble said it has acquired the leaked data. The same cyber security firm earlier exposed that Bengaluru-based edtech firm Unacademy was hacked.
According to Cyble analysts, nearly 22 million Unacademy user accounts were influenced and the data was dumped and sold on Dark Web. ‘We would like to assure our users that no sensitive information such as financial data or location has been breached,” said Hemesh Singh, Co- Founder and CTO, Unacademy, in a statement.
In April, hackers sold personal data of a whopping 267 million Facebook users for just Rs 41,500 (approximately 500 Euros) that includes email addresses, names, Facebook IDs, dates of birth and phone numbers
Tips to stay safe
• Update Regularly : Use auto-updates to get the latest patches for apps, software and operating systems.
• Passwords : Using the same password on a whole raft of logins is a rookie mistake. Once hackers get one password, they’ll try it on everything else they can connect you to.
• Download from authorised sources : Whether you ‘side-load’ apps (self-install them) or go for open source software, make sure you get them from trusted sites. Check for any bundled bits (‘spyware‘ or ‘adware’) and remove them – toolbars and add-ons that change your default search engines are the biggest culprits.
• “Administrator’ shouldn’t be your default setting : Don’t log in as admin on your computer for day-to-day use (except when you have to, like if you’re installing stuff). If you download something dodgy or have already been compromised, hackers can track, install and change pretty much whatever they like.
• Turn off when you’re done : That includes logging out of sites when you’ve had your fill of memes, switching off the computer when you leave the house, or disconnecting the WiFi when you’re not using it.
• Encrypt to keep your stuff unreadable : Encryption doesn’t stop files, emails or details you submit through a website being intercepted – it ‘scrambles’ the content so they can’t be read by unauthorised users. One of the most common forms of encryption you can make use of is to check for the little padlock symbol next to the URL (or that the address starts with https, not just http) when you’re logging in or providing payment details. Most sites use this nowadays anyway, but it’s always worth checking.
• Get yourself decent anti-virus firewall software and turn it on : Some insurance companies and banks only cover fraud and theft if you can prove you had security in place.
• Back-up important data on an external hard drive or USB stick. If there’s something that you’d be gutted to lose, keep copies.
• Be picky about which companies you share your personal info with : your data’s only as secure as they are.
• Be very suspicious of emails or messages asking for login or account info, and check that any links are legit (i.e. not hsbo-bank.co.uk) and secure (https not http). This is known as phishing and is one of the easiest ways for passwords to be nicked.
• Log in to your accounts only from your own gadgets : If you do have to use a public or shared device, make sure you log out afterwards.