4,968 TIO Markets users’ PII leaked on data sharing forum

CloudSEK researchers verified leaked data sample that the threat actor shared discovered that the sample contained data from 111 countries.

Share this Intel:

CloudSEK has discovered a data leak that contains sensitive information of 4,968 users of tiomarkets.com. TIO Markets is a United-Kingdom based Forex/CFD broker that is licensed by the FCA and the FSA.  

 

Discovery of the leak

CloudSEK’s flagship digital risk monitoring platform XVigil discovered a post, on a surface web database marketplace, advertising the information of 4,968 TIO Markets users. 

The post was published on 22 August 2020 at 02:00 AM. The poster claims to have 4,968 user’s data in clear text format. Records shared by the actor is relevant to the current year. 

TIO Markets post 

The contents of the leak

The sample records contain users’: 

  • First Name
  • Last Name
  • Email
  • Phone
  • Country
  • country_code
  • Campaign
  • source brand
  • norm_status
  • Description

 

Data verification and validation 

Using public sources we were able to verify various fields such as mobile number, in the leaked data. The data sample has listed records from across 111 countries. 

TIO Markets sample records

Impact

  1. Threat actors can use the PII in the data dump to orchestrate phishing campaigns, online and offline scams, and even identity theft.
  2. Usually our mobile numbers and email IDs are linked to banking, mobile wallet, and other online accounts. Having these details makes it easier for threat actors to compromise victims’ accounts. 

 

Next Steps

Recommendations for the affected users
  1. Check if your TIO Markets accounts have been tampered with. 
  2. Enable multi-factor authentication. 
  3. Don’t share OTPs with third-parties. While this is a rule of thumb, it is especially relevant in this case, because threat actors already have email IDs and phone numbers. So, the OTP is the only thing standing between threat actors and the victims’ accounts. 
  4. Review all online accounts and financial statements for suspicious activity. And change the passwords of accounts that have the same password as your TIO Markets account. 
  5. Caution friends and family against threat actors impersonating you.

 

General Recommendations
  1. Use strong passwords.
  2. Enable multi-factor authentication for all your online accounts.
  3. Don’t share OTPs with third-parties. 
  4. Review online accounts and financial statements periodically. 
  5. Regularly update your apps and any other software you use.

Be informed about these Threats in your Inbox

Sign up now to our Threat intelligence Newsletter and be the first to know about these threats first in your inbox.