Indian tech-based companies have been under the sharp focus of cybercriminals for a variety of reasons such as inadequate security measures, speed vs control etc.
On this instance, Cyble’s researchers identified an actor who was selling 56GB of data, comprising of 21,000+ students Aadhar Card, their university IDs, their photo and full Signature with other details. The breach allegedly is attributed to a FinTech company, Slicepay.
Since Cyble has seen a variety of massive data breaches where 100,000s of IDs were leaked, we would have ideally skipped it, until we saw the keyword “Signatures“. Some of the other information included in the leak were – name, phone, email, aadharNumber, DateOfBirth, Gender, Full Address, College, Course, GraduationDate, Friend’s name, Friends’ number
About Slice Pay: slice (prev SlicePay) is a Fintech startup focused on Young India. They are building a transparent and less time-consuming financial platform to enhance the life experience for young Indians.
The company has raised over $27M by investors such as Gunosy, FINUP, Das Capital, Blume Ventures and others. The company acquired Trustio in 2017.
Below is the original post by the actor.
Cyble researchers decided to acquire the data and further validate the legitimacy of it.
Upon the data acquisition, the claim of the actors was verified to be legit –
Per the actor, the breach occurred due to an exposed Cloudinary bucket (cloud-based image and video management services).
Based on the leaked information, and per the actor claims, it appears the breach occurred in July 2020. Cyble has indexed the leaked data on its data breach monitoring and notification platform, AmIbreached.com.
We recommend people to:
- Never share personal information, including financial information over the phone, email or SMSs
- Use strong passwords and enforce multi-factor authentication where possible
- Regularly monitor your financial transaction, if you notice any suspicious transaction, contact your bank immediately.
- Turn-on automatic software update feature on your computer, mobile and other connected devices where possible and pragmatic
- Use a reputed anti-virus and internet security software package on your connected devices including PC, Laptop, Mobile
- People who are concerned about their exposure in darkweb can register at AmiBreached.com to ascertain their exposure.
Cyble is an Atlanta, US-based, global premium cyber-security firm with tools and capabilities to provide near real-time cyber threat intelligence.
Cyble Inc.’s mission is to provide organizations with a real-time view of their supply chain cyber threats and risks. Their SaaS-based solution powered by machine learning and human analysis provides organizations’ insights to cyber threats introduced by suppliers and enables them to respond to them faster and more efficiently.
This monitoring and notification platform gives the average consumer insights into their personal cybersecurity issues, allowing them to take action then as needed. It has recently earned accolades from Forbes as being the top 20 cyber-security companies to watch in 2020.