In 2020, major tech firms in India suffered data breach that ranged from personal data to sensitive data of users.
In a recent report by a security researcher, sensitive data of around seven million credit and debit cardholders in India has surfaced on the dark web that includes names, mobile numbers, income levels, email addresses, and Permanent Account Number (PAN) details.
All this sensitive data was available as a Google Drive link for public access for some days on the Dark Web.
The Google Drive link was discovered by Cybersecurity researcher Rajshekhar Rajaharia from the dark web earlier this month, he notes that the link was available with the title “Credit Card Holders data” posted by some anonymous people.
The link included 59 Excel files that contained the data including the full names, mobile numbers, cities, income levels, and email addresses of the cardholders. It is also noted that the excel sheets included PAN card numbers, employer details, and type of bank account linked with the employers of the affected credit and debit card users.
Researcher verified some names listed in the Excel sheets by finding them on LinkedIn or searching the surfaced mobile numbers on caller ID app Truecaller and amusingly he found even his name in the list while verifying the details. The data doesn’t clarify which banks cardholders’ details have been leaked, but it includes the first swipe amount of most of the cardholders.
The exact time period of the data leak is not clear, however the details available are mostly between 2010 and early 2019. In some cases, the leaked data exposed information dating back to 2004.