24/05: Cyble researchers have been tipped-off, by an anonymous entity, that the data originated from an unprotected elastic search instance. The entity further added that the instance is no longer accessible. Cyble researchers are investigating this claim.
In the last 12 hours, another actor has dropped almost 2,000 Indian Identity cards (Aadhar cards) as well in one of the hacking forums.
Based on the filename, it appears to have originated from 2019. See below:
Upon further analysis, it appears the actor (as above; related to the Aadhaar) leaked 1.8M of MP Citizens data recently on their forum.
Cyble has indexed this information on their data breach monitoring and notification platform, Amibreached.com. People who are concerned about their information leakage, can ascertain the risks by registering to the platform.
22/05: As part of the regular sweep over the deepweb and darkweb, Cyble researchers came across an interesting item, where a threat actor posted 2.3 GB (zipped) file on one of the hacking forums.
We usually see this sort of leaks all the time, but this time, the message header got our attention as it included a lot of personal details – where most of the things are generally static such as education, address etc.
And we are not wrong, the leak actually has a lot of personal details of millions of Indians Job seekers from different states as below.
Clearly, this has a lot of personal information! At the time of writing this article, we are still investigating the source of the leak.
It appears to have originated from a resume aggregator given the sheer volume and detailed information. We will update this article as new information is identified.
Cyble has indexed this information at AmIbreached.com – Cyble’s data breach monitoring and notification platform.
Our official comments: “Cyble researchers have identified a sensitive data breach on the darkweb where an actor has leaked personal details of ~29 Million Indian Job Seekers from the various states. The original leak appears to be from a resume aggregator service collecting data from various known job portals. Cyble’s team is still investigating this further and will be updating their article as they bring more facts to the surface.
This breach includes sensitive information such as email, phone, home address, qualification, work experience etc. Cybercriminals are always on the lookout for such personal information to conduct various nefarious activities such as identity thefts, scams, and corporate espionage.
Cyble has acquired the leaked data. Those who are concerned about their information leakage can register at AmIbreached.com – Cyble’s data breach monitoring and notification service”