A few days ago security researcher Sourajeet Majumdar revealed that the personal data of more than 7 billion users registered on the Moneycontrol.com platform are available on a dark web hacking forum for only $350 USD. As you may remember, Moneycontrol.com is an Indian online business news website owned by E-EIGHTEEN Dot Com (P) Ltd., a subsidiary of the media house TV18.
The cybercriminal who published this compromised database states that there are a total of 7, 73,000 records with personal data of individual users. The leak would have occurred about half a year ago, notes the publication of hackers.
The database contains sensitive data such as:
- Deleted passwords
- Country
- Phone numbers
- Date of birth
- Sex
- Domicile
- City, among other details
It should be noted that most users reside in India.
The researcher tried to contact the hackers using their Telegram ID, which allowed him to discover that the leak could be much larger, although at the moment the hackers only seem to want to sell a fraction of the compromised information. This may indicate that hackers have future plans for this leak.
Majumdar added that the hackers even shared with him some records so that the researcher could verify that the leak is legitimate: “Among the compromised information there were multiple verified moneycontrol.com accounts, indicating that it is not fictional information created by sellers on dark web.”
The expert also revealed that the information will be on sale only to 5 buyers, although a buyer can pay about $1000 so that this database is not sold to anyone else.
On the other hand, the company’s executives have defmented the reports, ensuring that the compromised information is not useful to threat actors: “We appreciate being notified about it, however, we want to assure our users that this is a set of old data that do not pose a security risk,” said Chief Technology Officer Pandurang Nayak.
Still, the expert supports its version and ensures that MoneyControl performed a massive password reset procedure to prevent cybercriminals from accessing potentially affected accounts.
To learn more about information security risks, malware variants, vulnerabilities and information technologies, feel free to access the International Institute of Cyber Security (IICS) websites.
He is a cyber security and malware researcher. He studied Computer Science and started working as a cyber security analyst in 2006. He is actively working as an cyber security investigator. He also worked for different security companies. His everyday job includes researching about new cyber security incidents. Also he has deep level of knowledge in enterprise security implementation.