700K Moneycontrol User Records for Sale on the Dark Web
Published 29 April 2021
- CloudSEK’s XVigil discovered a post advertising the information of 700K records of Moneycontrol users
- The leaked data includes users' email address, password, phone number, gender, date of birth, etc.
Share this Threat Intel:
Affected Data Fields
|Email, Password, Country, Phone, Mobile, Pincode, DOB, Gender, Address, City, State|
CloudSEK’s flagship digital risk monitoring platform XVigil discovered a post, on a surface web database marketplace, advertising 700K records of Moneycontrol users containing their personal information. Moneycontrol is a popular Indian business news website owned by E-EIGHTEEN.com Ltd., a subsidiary of the media house TV18.
The post was published on 26 April 2021 exposing the personal information of 700K users. The threat actor responsible has been active on the forum since 2018 and has a high reputation.
The Contents of the Leak
The leaked database contains users’ data in the following schema:
Data Verification and Validation
Using public sources we were able to verify various fields in the leaked data. The passwords that are a part of the leak are provided in clear text.
- The leaked records contain users’ information, that can be leveraged to carry out social engineering attacks.
- The data can also be used to orchestrate other forms of targeted attacks.
- Use strong passwords
- Enable multi-factor authentication for all online accounts
- Don’t share OTPs with third-parties
- Review online accounts and financial statements periodically
- Regularly update apps and other software