CloudSEK has discovered a data leak that contains sensitive information of 100,000 Mexican Santander users, advertised to be in clear text format.
CloudSEK’s flagship digital risk monitoring platform XVigil discovered a post, on a surface web database marketplace, claiming to be the information of 100,000 Mexican users.
The post was published on 16 Sep 2020 at 09:54 PM (IST). The poster claims to have 100,000 Mexican users’ data, in clear text format. The database is being sold for 250 USD in Bitcoins (BTC) Records shared by the actor could be relevant to the current year.
The leaked database has the following schema:
This is the sample provided by the threat actor:
CloudSEK performed its due diligence and notified Santander Mexico on 17-Sept-2020. However, Santander had not responded, at the time of publishing this article. If we receive a reply, it will be duly updated here.