BharatPay Personal Data, Transaction Details Of 37,000 Users Leaked

CloudSEK’s threat intelligence arm, XVigil, found that BharatPay’s backend database containing customers’ personal information, bank balance, and transaction data from Feb. 2018 to Aug. 2022 was leaked on a cybercrime forum.

BharatPay provides various digital financial services, including fund transfers and cash deposits. It serves customers as well as merchants by partnering with numerous distribution networks across India.

Dangers Of Leaked Data

The leaked data includes callback response logs, which contain information about the transacting entity’s phone number, transaction ID, and bank balance amount. Leaked data containing PII and sensitive financial information could make users targets of spear-phishing attacks.

Furthermore, researchers tell us that the exposed data could equip threat actors with the information required to launch sophisticated ransomware attacks. They could also aggregate the information for sale on the dark web.

The threat actor may be a reliable source and has provided valid information in the past. Sunny Nehra corroborates the threat actor’s reputation on cybercrime forums, as well as his meteoric rise.

The threat actor has a reputation score of 967 and has achieved ‘God status’ in a fairly short period.

Hostinger Preview Domain Exploited By Attackers

Threat actors are using Hostinger’s preview domains feature to target Indian banking customers in a new phishing campaign. The hosting provider’s feature allows threat actors to access a site before it is publicly available, permitting them to view website content before a domain is assigned to it.

This 12-24 hour window, also known as DNS zone propagation time, is the time between the registration of a domain and when it becomes globally available.

Researchers believe the threat actors made use of the propagation time and the preview domain feature to distribute phishing URLs and campaigns to defraud Indian banking users.

Texts, emails, and social media are used to disseminate the campaigns hosted on phishing domains. The bank’s real-time monitoring tool, which usually allows it to swiftly identify and take down phishing sites, has likely been missing the phishing effort of cyber criminals.
