CloudSEK has discovered a data leak that contains sensitive information of 25,000 United Arab Emirates (UAE) police officers. The police in the UAE come under the Ministry of Interior. However, each of the 7 emirates has a police force that is responsible for law and order within their borders. And the ministry integrates these police forces and security systems.
Discovery of the leakCloudSEK’s flagship digital risk monitoring platform XVigil discovered a post, on a surface web database marketplace, advertising the information of 25,000 UAE police officers. The post was published on 07 July 2020 at 11:51 AM. The poster is selling ‘UAE Full(25K) police info’ for $500 and has shared 9 samples to support their claims. In response to this post several forum members have shown interest in buying the data. We downloaded the samples from the forum to validate its contents.
The contents of the leakThe sample images contain 9 police officers’:
- First name
- Last name
- Mobile number
- Email address
- Work phone number
- Address (in some cases)
Data verification and validationUsing public sources we were able to verify various fields in the sample data. The sample contains the details of officials in the Dubai and Abu Dhabi Police forces. In response to a buyer’s query, the seller has shared the image of an Abu Dhabi Police (adpolice.gov.ae) database that contains 31,878 files and 6 folders.
ImpactSince this data belongs to law enforcement officials, the impact is much greater:
- These details could be used to harass and blackmail officials.
- Threat actors can use the PII in the data dump to orchestrate phishing campaigns, online and offline scams, and even identity theft.
- Since the source of the leak is not known, there is a possibility that threat actors can continue to exploit it.
- Usually our mobile numbers and email IDs are linked to banking, mobile wallet, and other online accounts. Having these details makes it easier for threat actors to compromise the officials’ accounts.
Recommendations for the affected officials
- Enable multi-factor authentication for all online accounts.
- Don’t share OTPs with third-parties. While this is a rule of thumb, it is especially relevant in this case, because threat actors already have email IDs and phone numbers. So, the OTP is the only thing standing between threat actors and the officials’ accounts.
- Review all online accounts and financial statements for suspicious activity.
- Caution friends and family against threat actors impersonating them.
Recommendations for the police forces
- Inform the affected officials.
- Identify the source of the leak and fix the vulnerability at the earliest.
- Perform an audit to ascertain the full extent of the leak and check if threat actors have launched any other attacks.