New Delhi: Cybercriminals are selling a huge database on the dark web that they claim belongs to the Indian Railway Catering and Tourism Corporation (IRCTC). The seller claims that the IRCTC data dump of around a million customers is from 2019.
Praveen Singh, Ethical Hacker and Cyber Security Expert, said it looks like the data being sold on the dark web is a little old, but it is real and original data of IRCTC customers and travellers.
“As part of my regular deep web and dark web monitoring, I came across a threat actor who claimed to have around one million customer records of IRCTC. The data seems to be legitimate,” Praveen, who is associated with the Noida-based Root64 Infosec Research Foundation, told The420.
The database leaked by the threat actor includes users' full names, phone numbers, email IDs, gender, city, state and date of birth.
A sample of the data is shown below:
Screenshot of the threat actor selling the data over the dark web:
Meanwhile, US-based cybersecurity research firm Cyble also claims to have got hold of IRCTC data being sold on the dark web. “In the course of our routine monitoring of the DarkWeb, we have come across a post in which a user has allegedly claimed that close to 1 Million user data was leaked sometime in 2019. This data has been shared by the user with the DarkWeb community today (13th October 2020),” Cyble said.
Cyble in its blog has said that this data is easily available for download, and so far, no ransom or payment has been requested by the threat actor. Furthermore, the leaked data includes sensitive user information such as Mobile Number, Date of Birth, Email, Gender, Marital Status, Name, City, and State. After removing duplicates, we could see at least 9 Lakh unique rows of user information.
The exposure increases the risk of phishing attacks, scamming attempts, spam and pesky calls to passengers. IRCTC has not yet issued a statement on the matter. An official statement from its end is awaited.
Here are some best practices that we recommend for protecting your data and preventing it from being misused:
- Never share personal information, including financial information and passwords, over the phone, email or SMS.
- Make use of strong, unpredictable passwords and enforce multi-factor authentication where possible. Try to come up with unique passwords that do not include any personal information such as your name or date of birth.
- Regularly monitor your financial transactions and immediately contact your bank if you notice any suspicious activity.
- Turn on the automatic software update feature on your computer, mobile and other connected devices where possible and pragmatic to help protect your data.
- Use a reputable anti-virus and Internet security software package on your connected devices, including PCs, laptops and mobiles.
- People who are concerned about their exposure on the dark web can register at AmiBreached.com to ascertain their exposure.