Cybercriminals have yesterday created a thread on a popular hacker forum claiming to possess a database of the Indian IDFC First Bank. The database allegedly contains sensitive personal details of employees.
The hackers attempt to sell the illegally obtained database for $500.
An unknown hacker or groups of hackers have posted a database sample on a hacker forum, allegedly containing sensitive employee information of the Indian IDFC First Bank.
The database allegedly contains employee information such as full names, corporate email addresses, phone numbers, and job titles and descriptions.
The hackers have not revealed the exact number of IDFC First Bank employees allegedly affected but based on their message it the alleged breach appears to be significant, potentially impacting a very large number of people.
The cybercriminals posted that they intend to sell the full database and information for $500. They have also provided a sample of 10 employees and their data to prove their claim.
While the samples provided do appear genuine, this in itself is not always a guarantee that the full database and information it contains are also genuine.
As such, it is not possible at this time to determine the veracity of the hackers’ claims.
We believe security online security matters and its our mission to make it a safer place.
The cybercriminals further explain that the alleged data can be used for phishing, scams, and even blackmail.
Such data breaches have in the past indeed resulted in such events. The fact corporate emails and phone numbers have been allegedly leaked can result in the online accounts of the alleged employees getting breached.
Scammers could also impersonate these employees by sending out fake emails in their name, while using their real contain details such as phone numbers, in the email signatures to make the emails look legitimate.
They could send out false password reset forms or require unsuspecting clients of the bank to click on links or download malicious files onto their devices.
IDFC First Bank has for the moment not commented on this alleged leak and data breach.
We will update the article later if further details emerge.