🚀 CloudSEK has raised $19M Series B1 Round – Powering the Future of Predictive Cybersecurity
Read More
Home
Threat Intelligence Posts
Breach

100K Santander Mexico client records for sale on data sharing forum

CloudSEK XVigil discovered a poster, on a database marketplace, advertising 100,000 Santander Mexican customers' data for $250 in BTC
Updated on
April 19, 2023
Published on
September 25, 2020
Read MINUTES
5
Subscribe to the latest industry news, threats and resources.
CloudSEK has discovered a data leak that contains sensitive information of 100,000 Mexican Santander users, advertised to be in clear text format.

Discovery of the leak

CloudSEK’s flagship digital risk monitoring platform XVigil discovered a post, on a surface web database marketplace, claiming to be the information of 100,000 Mexican users.  The post was published on 16 Sep 2020 at 09:54 PM (IST). The poster claims to have 100,000 Mexican users’ data, in clear text format. The database is being sold for 250 USD in Bitcoins (BTC) Records shared by the actor could be relevant to the current year.  Santander poster 

The contents of the leak

The leaked database has the following schema: 
  • Secuencia / u6acct / u6cvereg / u6numcto / dmssnum / dmaddr1 /  dmaddr2 /  u6delomu / u6estado / dmcity / dmzip / u6ladte1 / u6tel1 / u6ladte2 / u6tel2 / dmname / u6rfc / u6licrea
 

Data Sample

This is the sample provided by the threat actor: Santander schema  

Mitigation

  1. Enable multi-factor authentication
  2. Use strong password 
  3. Don’t share OTPs with third-parties, as OTP is the only thing standing between threat actors and the victims’ accounts
  4. Review all online accounts and financial statements for suspicious activity. 
  5. Caution friends and family against threat actors impersonating you.
  6. Regularly update your apps and any other software you use

Disclosure

CloudSEK performed its due diligence and notified Santander Mexico on 17-Sept-2020. However, Santander had not responded, at the time of publishing this article. If we receive a reply, it will be duly updated here.
CloudSEK Platform is a no-code platform that powers our products with predictive threat analytic capabilities.
Recent Posts

Recent Articles

Critical CSRF Vulnerability in IBM CICS TX - CVE-2023-42027 Demands Immediate Action
November 15, 2023
CVE-2023-43792 baserCMS is a website development framework vulnerable to Code Injection attacks
November 6, 2023

Get Global Threat Intelligence on Real Time

Protect your business from cyber threats with real-time global threat intelligence data.. 30-day free and No Commitment Trial.
Schedule a Demo
Real time Threat Intelligence Data
More information and context about Underground Chatter
On-Demand Research Services
Dashboard mockup
Global Threat Intelligence Feed

Protect and proceed with Actionable Intelligence

The Global Cyber Threat Intelligence Feed is an innovative platform that gathers information from various sources to help businesses and organizations stay ahead of potential cyber-attacks. This feed provides real-time updates on cyber threats, including malware, phishing scams, and other forms of cybercrime.
Trusted by 400+ Top organisations
Get started
Learn more