5K Exim India Login Credentials Leak on a Dark Web Forum

Executive Summary

CloudSEK’s flagship digital risk monitoring platform XVigil discovered a post, on a surface web database marketplace, advertising 5000 login details of the Exim India users, including email addresses and passwords. With its head office at Mumbai, Exim India is a reputed daily newspaper publishing house and has been in the business for the last 40 years.

The post was published on 27 April 2021 exposing the credentials of users, following a data breach incident on the same day. The threat actor has also included sample records and their Telegram contact details for potential buyers.

The Contents of the Leak

The leaked database contains Exim India users’ login credentials and personal information in the following schema:

• Address
• Login Name
• Password
• Email ID
• Last Login

Data Verification and Validation 

Using public sources we were able to verify various fields in the leaked data.

Current Impact

• Threat actors can leverage users’ login details to impersonate them and to launch new attacks or campaigns.
• The leaked data can be used to orchestrate other forms of targeted attacks.

General Recommendations

• Use strong passwords
• Enable multi-factor authentication for all online accounts
• Don’t share OTPs with third-parties
• Review online accounts and financial statements periodically
• Regularly update apps and other software