An Indian security researcher claimed on Tuesday that personal details, including phone numbers and email addresses of 70 lakh Indian debit and credit card holders, have been circulating on the dark web. Other leaked details include names of the users, employer firms and annual income, said security researcher Rajshekhar Rajaharia.
The leaked database, sized 2GB, also reveals types of user accounts and whether they have switched on mobile alerts or not.
"Data pertains to the period between 2010 and 2019, which could be very valuable to scammers and hackers," Rajaharia told IANS in a statement.
"Since this is financial data, it is very valuable for hackers and scammers as they can use the personal contact details for phishing or other attacks," he said, while sharing screenshot of some leaked data.
The only saving grace is that the card numbers are not available.
Rajaharia said that the leak "could have come from third-party service providers who are contracted by banks to sell credit/debit cards, for example."
The leaked database also includes the PAN numbers of five lakh cardholders, the Internet security researcher said. While it has not been verified whether the data of 70 lakh users are genuine or not, Rajaharia verified data of some users and found the details mentioned in many of the fields to be accurate.
"I think someone sold this data/link on the dark web and later it became public. Financial data is the most expensive data on the Internet," he said.
The revelations come at a time when cybersecurity incidents have been a persistent problem for organisations around the world amid the pandemic.