On April 29, 2021, a Threat Actor (TA) posted on a cybercrime forum claiming to be in possession of 130 million records of India-based Customs data. Our research indicates that the TA has been quite active on the forum, selling a variety of datasets that directly affects various countries.
Figure 1 shows the post made by the TA in the cybercrime forum.
Figure 1: Forum Post
On further investigation, Cyble researchers found that the leaked data contains information on ports. It includes Port names, Import and Export Date, Importer name, Importer Address, Supplier name, Supplier Address, Invoice details, Pricing information, Exchange rates, and Importer-Exporter Code.
Figures 2 and 3 depict the attributes of the data.
Figure 2: Data Attributes
Figure 3: Data Attributes
Figures 4 and 5 display samples of the leaked data.
Figure 4: Sample Data 1
Figure 5: Sample Data 2
As per our investigation, the leaked dataset is huge, containing unique records of:
- 228 Indian ports,
- 150,992 importers from 2019,
- 135,003 importers from 2020,
- 690,519 buyers from 2019, and
- 624,855 buyers from 2020
- 158208 exporters from 2019, and
- 149569 exporters from 2020
Data leaks like this can adversely impact industries such as Retail and Manufacturing as the leaked information may reveal competitor strategy and pricing details. Apart from this, the leaked information can be further misused by cybercriminals to launch targeted phishing attacks on individual ports, importers, and exporters.
Security Recommendations:
Following are some of the essential cybersecurity best practices that help create the first line of control against attackers. We recommend our readers to follow these best practices given below:   
- Never share your personal information, including financial information, over the phone, email, or SMSs.     
- Use tough to guess passwords as well as implement multi-factor authentication.     
- Make it a habit to keep a watch on your financial transactions, and if you notice any suspicious activity, contact your bank immediately.     
- Turn on the automatic software update feature on your computer, mobile, and other connected devices wherever possible and pragmatic.     
- Use a reputed anti-virus and Internet security software package on your connected devices, including PC, laptop, and mobile.  
- People concerned about their exposure on the Dark web can register at  AmIBreached.com to ascertain their exposure.     
- Never open untrusted links and email attachments without verifying their authenticity.   
About Cyble:
Cyble is a global threat intelligence SaaS provider that helps enterprises protect themselves from cybercrimes and exposure in the darkweb. Cyble’s prime focus is to provide organizations with real-time visibility into their digital risk footprint. Backed by Y Combinator as part of the 2021 winter cohort, Cyble has also been recognized by Forbes as one of the top 20 Best Cybersecurity Startups To Watch In 2020. Headquartered in Alpharetta, Georgia, and with offices in Australia, Singapore, and India, Cyble has a global presence.