The personal data of as many as 70 lakh Indian debit and credit card holders has been leaked on the dark web, an Internet security researcher was quoted as saying by IANS. The leaked details include names of the users, phone numbers, email addresses, employer firms and annual income, security researcher Rajshekhar Rajaharia told the agency.
According to the report, the leaked database, sized 2GB, also includes types of user accounts and whether they have switched on mobile alerts or not.
"Data pertains to the period between 2010 and 2019, which could be very valuable to scammers and hackers," Rajaharia told IANS.
"Since this is financial data, it is very valuable for hackers and scammers as they can use the personal contact details for phishing or other attacks," he said. However, the leaked details did not include the card numbers.
According to Rajaharia, the leak "could have come from third-party service providers who are contracted by banks to sell credit/debit cards, for example."
PAN numbers of about five lakh card holders were also among the leaked data, the researcher said.
Though it was not verified whether the data of 70 lakh users was genuine or not, the internet researcher cross checked data of some users and found many of the fields accurate.
"I think someone sold this data/link on the dark web and later it became public. Financial data is the most expensive data on the Internet," he said.