4,968 TIO Markets users’ PII leaked on data sharing forum

CloudSEK researchers verified leaked data sample that the threat actor shared, discovered that the sample contained data from 111 countries.
Updated on
April 19, 2023
Published on
August 26, 2020
Subscribe to the latest industry news, threats and resources.
CloudSEK has discovered a data leak that contains sensitive information of 4,968 users of tiomarkets.com. TIO Markets is a United-Kingdom based Forex/CFD broker that is licensed by the FCA and the FSA.    

Discovery of the leak

CloudSEK’s flagship digital risk monitoring platform XVigil discovered a post, on a surface web database marketplace, advertising the information of 4,968 TIO Markets users.  The post was published on 22 August 2020 at 02:00 AM. The poster claims to have 4,968 user’s data in clear text format. Records shared by the actor is relevant to the current year.  TIO Markets post 

The contents of the leak

The sample records contain users’: 
  • First Name
  • Last Name
  • Email
  • Phone
  • Country
  • country_code
  • Campaign
  • source brand
  • norm_status
  • Description

Data verification and validation 

Using public sources we were able to verify various fields such as mobile number, in the leaked data. The data sample has listed records from across 111 countries.  TIO Markets sample records


  1. Threat actors can use the PII in the data dump to orchestrate phishing campaigns, online and offline scams, and even identity theft.
  2. Usually our mobile numbers and email IDs are linked to banking, mobile wallet, and other online accounts. Having these details makes it easier for threat actors to compromise victims’ accounts. 

Next Steps

Recommendations for the affected users
  1. Check if your TIO Markets accounts have been tampered with. 
  2. Enable multi-factor authentication. 
  3. Don’t share OTPs with third-parties. While this is a rule of thumb, it is especially relevant in this case, because threat actors already have email IDs and phone numbers. So, the OTP is the only thing standing between threat actors and the victims’ accounts. 
  4. Review all online accounts and financial statements for suspicious activity. And change the passwords of accounts that have the same password as your TIO Markets account. 
  5. Caution friends and family against threat actors impersonating you.
General Recommendations
  1. Use strong passwords.
  2. Enable multi-factor authentication for all your online accounts.
  3. Don’t share OTPs with third-parties. 
  4. Review online accounts and financial statements periodically. 
  5. Regularly update your apps and any other software you use.

Get Global Threat Intelligence on Real Time

Protect your business from cyber threats with real-time global threat intelligence data.. 30-day free and No Commitment Trial.
Schedule a Demo
Real time Threat Intelligence Data
More information and context about Underground Chatter
On-Demand Research Services
Dashboard mockup
Global Threat Intelligence Feed

Protect and proceed with Actionable Intelligence

The Global Cyber Threat Intelligence Feed is an innovative platform that gathers information from various sources to help businesses and organizations stay ahead of potential cyber-attacks. This feed provides real-time updates on cyber threats, including malware, phishing scams, and other forms of cybercrime.
Trusted by 400+ Top organisations