|Middle East, UAE, Ras Al Khaimah|
|Passport Details, Visa Details|
Discovery of the leakCloudSEK’s flagship digital risk monitoring platform XVigil discovered a post, on a database marketplace, advertising the information of 300,000 records belonging to visitors of the Ras Al Khaimah (RAK) Port. RAK port is a key part of Ras Al Khaimah’s economy and acts as a maritime gateway for import and export activities. The post, which was published on 11 April 2021, claims that a database of 300K visitors of the RAK port is available for sale. This has also been advertised on the threat actor’s Telegram channel.
Contents of the LeakThe leaked database contains the following information:
- 83,000 Emirates Visa
- 21,000 CID
- 70,000 Company Letter Docs
- 500 Company Licenses
- 28,000 RAK Port Licenses
Data Verification and ValidationThe threat actor has shared some sample data, which is yet to be validated.
- Threat actors can use the PII in the data dump to orchestrate phishing campaigns, online and offline scams, and even identity theft.
- Usually our mobile numbers and email IDs are linked to banking, mobile wallet, and other online accounts. Having these details makes it easier for threat actors to compromise victims’ accounts.
- Use strong passwords.
- Enable multi-factor authentication for all your online accounts.
- Don’t share OTPs with third-parties.
- Review online accounts and financial statements periodically.
- Regularly update your apps and any other software you use.