All Threat Intelligence posts

40,000+ Indian online marketplace suppliers’ data leaked

June 24, 2020
4
min read

CloudSEK has discovered a data leak that contains sensitive information of 40,000+ suppliers registered on IndiaMART. IndiaMART InterMESH Ltd. is an Indian e-commerce company that is an online marketplace for B2C, B2B, and customer to customer sales and services. As per their website, they have 6 million+ suppliers on the platform. 

Discovery of the leak

CloudSEK researcher Ashok Krishna discovered posts on 2 forums advertising a database of 43,920 suppliers registered on IndiaMART

On one forum the post was published on 20 June 2020 at 11:03 AM. The poster claims to have 49,000+ ‘Indiamart business data.’ In response to this post, another forum member commented that the dump contains 42,985 records, including email addresses. 

Forum post which claims 49000 records of Indiamart.

On the second forum the post was published on 22 June 2020 at 6:11 AM. The poster claims to have 43,920 records, even though the sample filename is ‘Indiamart 01 (Business) – 49000.xlsx.’ In response to this post another forum member commented that he/she has a total of 700k of this data and has shared a sample as well. We couldn’t verify the commenter’s claim.  

Forum post which corrects the records are actually 42000+ not 49000 Indiamart.

We downloaded the sample from the first forum to validate its contents.  

The contents of the leak

The sample file contains 44 records and each record has the following fields:

  • User ID
  • First name
  • Last name
  • Address
  • Phone number (landline)
  • Mobile number (two mobile numbers)
  • Email address
  • City
  • State
  • Country
  • Zip code
  • Company
  • Admin
  • Account created date

Data verification and validation 

Using public sources we were able to verify various fields in the sample data, and found it to be authentic and active. The sample contains the details of suppliers who registered in February 2016, and are primarily from the Indian state of Gujarat. However, this may or may not be representative of the complete dump. 

IndiaMart Dump Sample data being verified

IndiaMart Dump Sample data being verified by CloudSEK researchers

 

Impact

  1. Threat actors can use the PII in the data dump to orchestrate phishing campaigns, online and offline scams, and even identity theft.
  2. Since the source of the leak is not known, there is a possibility that threat actors can continue to exploit it. Whether a bug in the IndiaMART website or an unsecured database, if not remediated, could put 6 million+ suppliers on the platform at risk.  
  3. Usually our mobile numbers and email IDs are linked to banking, mobile wallet, and other online accounts. Having these details makes it easier for threat actors to compromise the victims’ accounts. 

Next Steps

Recommendations for the suppliers
  1. Check if your IndiaMART accounts have been tampered with. 
  2. Enable multi-factor authentication. 
  3. Don’t share OTPs with third-parties. While this is a rule of thumb, it is especially relevant in this case, because threat actors already have email IDs and phone numbers. So, the OTP is the only thing standing between threat actors and the victims’ accounts. 
  4. Review all online accounts and financial statements for suspicious activity.
  5. Caution friends and family against threat actors impersonating you.
Recommendations for IndiaMART
  1. Inform the affected suppliers and ensure their accounts have not been compromised. 
  2. Identify the source of the leak and fix the vulnerability at the earliest.
  3. Perform an audit to ascertain the full extent of the leak and check if threat actors have launched any other attacks.

Disclosure

We notified IndiaMART and CERT India on 22-Jun-2020. While CERT India has responded, asking for more details about the leak, IndiaMART had not responded, at the time of publishing this article. If we receive a reply, it will be duly updated here. 

Tags:
No items found.