700K Moneycontrol User Records for Sale on the Dark Web

Executive Summary

CloudSEK’s flagship digital risk monitoring platform XVigil discovered a post, on a surface web database marketplace, advertising 700K records of Moneycontrol users containing their personal information. Moneycontrol is a popular Indian business news website owned by E-EIGHTEEN.com Ltd., a subsidiary of the media house TV18.

The post was published on 26 April 2021 exposing the personal information of 700K users. The threat actor responsible has been active on the forum since 2018 and has a high reputation.

The Contents of the Leak

The leaked database contains users’ data in the following schema:

• user_email
• user_pwd
• user_country
• user_phone
• user_mobile
• user_pincode
• user_dob
• user_gender
• user_address
• user_city
• user_state

Data Verification and Validation 

Using public sources we were able to verify various fields in the leaked data. The passwords that are a part of the leak are provided in clear text.

Current Impact

• The leaked records contain users’ information, that can be leveraged to carry out social engineering attacks.
• The data can also be used to orchestrate other forms of targeted attacks.

General Recommendations

• Use strong passwords
• Enable multi-factor authentication for all online accounts
• Don’t share OTPs with third-parties
• Review online accounts and financial statements periodically
• Regularly update apps and other software