The Dark Web is an unexplored portion of the internet that is not generally found in Google searches. The Dark Web hosts many underground services such as Hacking as a Service, insider information for sale, sensitive account information like bank credentials, and much more. More often than not, this data is sold via Darknet Markets. These are similar to the services provided by Amazon or Flipkart on the surface web, except that they sell illegal products/services. Unlike on Flipkart and Amazon, anyone on the Dark Web can make any claim or advertisement, and it need not be true.
About PNB Disclosure.
On 20th Feb, we identified a listing on a Dark Web site that claimed to have multiple cards belonging to PNB for sale. We immediately tried reaching out to PNB using the cybercrime contact emails listed on their website, but that email bounced.
On 21st Feb, at 8.10 PM, we were able to reach PNB officials via a third-party source. The PNB officials were quick to respond: we got a call back the same day at 10.00 PM from PNB security officials. We provided them with a detailed report about the leaked data.
On 22nd Feb, at 1.10, we provided them with a more detailed report, and the officials ensured swift action.
At this stage, CloudSEK has no method to verify whether listed data is authentic, nor do we put any effort into validating that data. It is the responsibility of the bank to validate the data and take the necessary actions. Many a time, CC sellers try to dupe their customers by sandwiching a few valid CC records between hundreds of fake ones.
Were other banks affected?
There are many dark web portals that sell CC information, but not every site is genuine. Some of them make invalid claims or sell fake data. For example, they may still list a CC that is 2 years old (and canceled by the bank) as genuine data. They sometimes mix invalid data with original data. Hence, we can't claim that multiple banks were affected. Even though the Dark Web site claimed to have data from other banks, that information is outdated and the cards listed were already blocked by all the other banks. We at CloudSEK maintain a unique hash for each of the different data leaks from the past 2 years, and this hash helps us identify old/invalid leaks.
This is how we came to the conclusion that only one bank had unresolved leaks that are yet to be fixed.
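One way the leak-hash comparison described above could work, as an added example that is not CloudSEK's code. The page does not say how its hashes are computed, so the HMAC-SHA256 fingerprint, the `PAN|expiry` record format, the key and all function names are assumptions, and the sample records are constructed from public test card numbers.

```python
import hashlib
import hmac
import re

# Constructed key for this example; a real deployment would load it from a secrets manager.
FINGERPRINT_KEY = b"example-key-not-a-real-secret"


def normalize(record: str) -> str:
    """Reduce an assumed 'PAN|MM/YY' line to canonical 'digits|MMYY' form."""
    pan, _, expiry = record.partition("|")
    return re.sub(r"\D", "", pan) + "|" + re.sub(r"\D", "", expiry)


def fingerprint(record: str) -> str:
    """Keyed hash of the normalized record, so raw card data never has to be stored."""
    digest = hmac.new(FINGERPRINT_KEY, normalize(record).encode(), hashlib.sha256)
    return digest.hexdigest()


def triage_listing(records, known_fingerprints):
    """Split a listing into records seen in earlier leaks and records not seen before."""
    seen, unseen = [], []
    for record in records:
        (seen if fingerprint(record) in known_fingerprints else unseen).append(record)
    ratio = len(seen) / len(records) if records else 0.0
    return {"seen": seen, "unseen": unseen, "recycled_ratio": ratio}


# Constructed sample data built from public test card numbers, not real cards.
HISTORICAL_LEAK = ["4111 1111 1111 1111|01/17", "5555-5555-5555-4444|03/17"]
KNOWN = {fingerprint(r) for r in HISTORICAL_LEAK}

NEW_LISTING = [
    "4111111111111111|0117",      # same card as the old leak, different formatting
    "5555 5555 5555 4444|03/17",  # same card as the old leak
    "4012888888881881|11/19",     # not present in any earlier leak
]

if __name__ == "__main__":
    result = triage_listing(NEW_LISTING, KNOWN)
    print(f"recycled: {result['recycled_ratio']:.0%}, needs review: {result['unseen']}")
```

Only the unseen records need to go to the issuing bank for validation; a listing whose recycled ratio is close to 100% is most likely a repackaged old leak.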
About CloudSEK Technology:
CloudSEK's product X-Vigil is a Machine Learning based solution that proactively monitors thousands of conversations on the Web, the Dark Web, and underground discussion forums, and alerts our customers whenever a potential threat occurs. There is very minimal human intervention in the analysis.
Example: How CloudSEK ML Technology spots a DarkWeb listing and how an automated threat report is generated.