BreachExchange mailing list archives
“Religare” and “Impact Guru” Leaked the Data of 5.5 Million Indians
From: Destry Winant <destry () riskbasedsecurity com>
Date: Mon, 13 Jul 2020 09:16:47 -0500
https://www.technadu.com/religare-impact-guru-leaked-data-5-5-million-indians/128446/ Cyble’s dark web sweepers located two more fresh leaks, both belonging to Indian firms. The first is the health insurer “Religare,” who has lost over 5 million records as a result of a catastrophic hacker attack. The second is the crowdfunding platform known as “Impact Guru”, which lost the details of 507,000 users. Both sets of stolen data are already available for purchase on the dark web, as this is where Cyble found them. It is unclear if the attacks involved the use of ransomware tools, or if the hackers simply broke in the networks of the companies. Starting with “Impact Guru”, the non-government organization is a crowdfunding platform that supports startups and creative individuals in India, as well as in another 15 countries. It has raised over $21 million since 2015 when it was established, and it is considered India’s leader in the field. The malicious actors who targeted “Impact Guru” have managed to steal 507,000 records that contain the following details: Email IDs in encrypted and also in plaintext form Banking details of 8,000 users (SWIFT, IFSC, account numbers) Chat history Pan Card number Aadhar Card number Facebook ID, Twitter ID, Linkedln ID, Apple ID (if available) Address Registration Date Paypal Email IP Address Location Source: Cyble Blog Continuing with the “Religare” breach, this one includes both five million customers and 6,000 employees of the health insurance firm. Religare operates over 146 offices across the country, so the consequences extend vastly. The details that have been exposed and which are for sale to anyone willing to buy the packs include the following: For customers: Name Address Mobile number Email IDs Date of birth Customer ID Policy number Start date and end date Agent assigned Name of the policy Sum insured and renewal amount Source: Cyble Blog For employees: Full names Mobile numbers Dates of birth Usernames Password hashes Individual authorization keys Official email IDs Email signatures having office address and personal mobile numbers Last login and last logout Internal IP address through which they connected to the portal Source: Cyble Blog Cyble has informed both companies of the data leaks, but it’s unlikely for the affected individuals to receive an official notice of a breach. Entities in India are obliged by law to disclose these incidents, but the authorities aren’t very strict about this, at least not until now. The details that have been leaked are highly sensitive, so if you are included in the datasets, you should take many precautions against potential scams and threats. _______________________________________________ BreachExchange mailing list sponsored by Risk Based Security BreachExchange () lists riskbasedsecurity com If you wish to Edit your membership or Unsubscribe you can do so at the following link: https://lists.riskbasedsecurity.com/listinfo/breachexchange
Current thread:
- “Religare” and “Impact Guru” Leaked the Data of 5.5 Million Indians Destry Winant (Jul 13)