Researchers at the data breach monitoring firm Cyble Inc, in their routine intelligence gathering checks, found a 2.3GB sized .zip file on one of the hacking forums that contained personal details of more than 29 million job-seekers from India.
Cybercriminals have leaked these details of Indian job-seekers on the dark web and made it available for free to download.
According to Cyble, “the original leak appears to be from a resume aggregator service collecting data from various known job portals”.
Today, Cyble cited an anonymous entity that claimed the leaked data originated from an unprotected elastic search instance.
As shown in the above image, the leaked records appear to be from Naukri[dot]com, TimesJob, and also from almost every state in India.
After obtaining the leaked data, Cyble confirmed that the records contained personal details such as names, physical addresses, email ids, phone numbers, current salary details, employer, field, etc.
In the last 12 hours, the same threat actor has “dropped almost 2,000 Indian Identity cards (Aadhar cards) as well in one of the hacking forums,” said Cyble.
“Based on the filename, it appears to have originated from 2019,” said researchers. See below:
After further analysis, researchers at Cyble found that the actor leaked 1.8 Million Aadhar card details of Citizens in Madhya Pradesh state, India recently on hacking forum. See below:
The main concern is that the leaked information of 29.1 million jobseekers and Aadhar card details of the 2000+ citizens could be used by cybercriminals to conduct large-scale scams, identity thefts, phishing campaigns, and corporate espionage.
This is a build up story, stay tuned for more.
Cyble has added this leaked data to its data breach monitoring and notification platform AmIbreached.com.
To check if your personaL details are exposed in this breach, you can register here.