Affected Data Fields
|Address, Login Name, Password, Email Address, Last login|
Executive SummaryCloudSEK’s flagship digital risk monitoring platform XVigil discovered a post, on a surface web database marketplace, advertising 5000 login details of the Exim India users, including email addresses and passwords. With its head office at Mumbai, Exim India is a reputed daily newspaper publishing house and has been in the business for the last 40 years. The post was published on 27 April 2021 exposing the credentials of users, following a data breach incident on the same day. The threat actor has also included sample records and their Telegram contact details for potential buyers.
The Contents of the LeakThe leaked database contains Exim India users’ login credentials and personal information in the following schema:
- Login Name
- Email ID
- Last Login
Data Verification and ValidationUsing public sources we were able to verify various fields in the leaked data.
- Threat actors can leverage users’ login details to impersonate them and to launch new attacks or campaigns.
- The leaked data can be used to orchestrate other forms of targeted attacks.
- Use strong passwords
- Enable multi-factor authentication for all online accounts
- Don’t share OTPs with third-parties
- Review online accounts and financial statements periodically
- Regularly update apps and other software