100K Santander Mexico client records for sale on data sharing forum

CloudSEK XVigil discovered a poster, on a database marketplace, advertising 100,000 Santander Mexican customers’ data for $250 in BTC

Share this Intel:

CloudSEK has discovered a data leak that contains sensitive information of 100,000 Mexican Santander users, advertised to be in clear text format.

Discovery of the leak

CloudSEK’s flagship digital risk monitoring platform XVigil discovered a post, on a surface web database marketplace, claiming to be the information of 100,000 Mexican users. 

The post was published on 16 Sep 2020 at 09:54 PM (IST). The poster claims to have 100,000 Mexican users’ data, in clear text format. The database is being sold for 250 USD in Bitcoins (BTC) Records shared by the actor could be relevant to the current year. 

Santander poster 

The contents of the leak

The leaked database has the following schema: 

  • Secuencia / u6acct / u6cvereg / u6numcto / dmssnum / dmaddr1 /  dmaddr2 /  u6delomu / u6estado / dmcity / dmzip / u6ladte1 / u6tel1 / u6ladte2 / u6tel2 / dmname / u6rfc / u6licrea

 

Data Sample

This is the sample provided by the threat actor:

Santander schema

 

Mitigation

  1. Enable multi-factor authentication
  2. Use strong password 
  3. Don’t share OTPs with third-parties, as OTP is the only thing standing between threat actors and the victims’ accounts
  4. Review all online accounts and financial statements for suspicious activity. 
  5. Caution friends and family against threat actors impersonating you.
  6. Regularly update your apps and any other software you use

Disclosure

CloudSEK performed its due diligence and notified Santander Mexico on 17-Sept-2020. However, Santander had not responded, at the time of publishing this article. If we receive a reply, it will be duly updated here.

Be informed about these Threats in your Inbox

Sign up now to our Threat intelligence Newsletter and be the first to know about these threats first in your inbox.