Cybercriminals have on March 6 claimed on a popular hacker forum that they possess an illegally obtained database belonging to Hyundai India. The criminals allege that the data relates to over 2.1 million clients of the automaker company.
Over 2.1 million clients of Hyundai India could be potentially affected by an alleged new data leak. Hackers on a popular cybercrime-related forum claim to possess a database allegedly obtained from Hyundai India.
The criminals claim that the database contains information related to over 2.1 million customers, including insurance end dates, the owner’s car’s engine capacity, the car owner’s mobile phone number, warranty date, VIN number, and vehicle number.
If the leak is authentic, then this data would be enough to find out the identity and potentially the physical address of the affected car owners.
The VIN numbers leaked could potentially help criminals track down victims and check on the activity related to their cars, such as insurance, road taxes, and more.
The data obtained could also enable criminals to impersonate car owners at various government institutions that provide online solutions – such as card registration, insurance, etc.
The data could also help spammers and scammers to impersonate government institutions and attempt to extort money from unsuspecting victims.
The database is being sold at $400 by the supposed cybercriminals. Several posters on the respective hacker forum commented that they purchased the database and claimed that the data it contained was legitimate.
We believe security online security matters and its our mission to make it a safer place.
It is unclear at this moment how this database was obtained. The hackers did not reveal the time of this alleged data breach and included data covers.
Samples were provided by the cyber criminals, however, Privacy Affairs was unable to determine the authenticity of the information it contained. As such, we cannot determine whether this alleged leak is authentic.
The forum post and sale thread were created by a forum poster who in the past was involved in confirmed data breaches and the sale of illegally obtained databases.
A large number of such sale threads are created by cyber criminals on these forums daily. While many of these posts and claims by the alleged hackers turn out to be just scams, many are authentic and result from data breaches and hacks.