5K Exim India Login Credentials Leak on a Dark Web Forum
Published 04 May 2021
- XVigil discovered a post, on a surface web database marketplace, advertising 5000 login details of the Exim India users
- The leaked data includes email addresses, passwords, etc.
Share this Threat Intel:
Affected Data Fields
|Address, Login Name, Password, Email Address, Last login|
CloudSEK’s flagship digital risk monitoring platform XVigil discovered a post, on a surface web database marketplace, advertising 5000 login details of the Exim India users, including email addresses and passwords. With its head office at Mumbai, Exim India is a reputed daily newspaper publishing house and has been in the business for the last 40 years.
The post was published on 27 April 2021 exposing the credentials of users, following a data breach incident on the same day. The threat actor has also included sample records and their Telegram contact details for potential buyers.
The Contents of the Leak
The leaked database contains Exim India users’ login credentials and personal information in the following schema:
- Login Name
- Email ID
- Last Login
Data Verification and Validation
Using public sources we were able to verify various fields in the leaked data.
- Threat actors can leverage users’ login details to impersonate them and to launch new attacks or campaigns.
- The leaked data can be used to orchestrate other forms of targeted attacks.
- Use strong passwords
- Enable multi-factor authentication for all online accounts
- Don’t share OTPs with third-parties
- Review online accounts and financial statements periodically
- Regularly update apps and other software