New Delhi: After data of banks and online shopping websites, now data of students is under threat from cybercriminals. According to cyber experts, phone numbers, email ID and addresses of at least 2 lakh CAT students is being sold on the web. However, there is no clarity on how the leak happened.
Indian cybersecurity experts have discovered a post that claims to be selling data containing sensitive information of over two lakh students who had appeared for Common Admission Test (CAT 2019), the principal entrance exam for MBA admissions in India.
Delhi based cybercrime expert Praveen Singh and Bengaluru based CloudSEK’s Cyber Threat Intelligence Team (CTI) have found a post, on a database marketplace selling data of more than 200K students who had appeared for the CAT examinations in 2019.
CloudSEK found that the post was published on September 17this year. The poster claims to have 200,000 students’ records, in clear text format. Records shared by the cybercriminals are relevant to the year 2019.
The sample records have applicant name, email address, mobile no, father name, category, state, town/city, total percentile and other previous education details. “The personally identifiable information (PII) data leaked through this breach might be used by marketing companies for their profits and also might be used by the hackers to get the users trapped into a planned social engineering attack,” said Praveen Singh, cybersecurity expert and a researcher with Root64 Foundation.
He warned that the users whose data is there in the leaked database should become aware in terms of cyber safety and security.
Meanwhile, CloudSEK also confirmed, “Using public sources we were able to verify the leaked data.”
“Cybercriminals can misuse Personally Identifiable Information to carry out social engineering activities, phishing attacks, or even identity theft. This breach will let unauthorized personnel view a candidate’s academic details along with their test scores,” said researchers at CloudSEK
CloudSEK added that the source of this leak is still undisclosed. If the technical vulnerability that caused the leak persists, then such attacks would happen again unless it is patched.
IIM Kozhikode was the convener of CAT 2019. A senior professor of IIM wishing anonymity told The420.in IIMs and CAT centres do not share data of any applicants. Even while sharing the CAT scores with the non-IIM member institutions, sensitive details like address, mobile number, email ID etc is not shared with them.