Over a Million PII of Livpure Customers Leak on Cybercrime Forum

Published 20 May 2021


  • CloudSEK discovered a post advertising customer records of Livpure
  • The leaked database includes over a million customer records containing PII

Category: Adversary Intelligence
Affected Industries: Manufacturing
Affected Region: SAARC, India

Executive Summary

CloudSEK’s flagship digital risk monitoring platform XVigil discovered a post, on a cybercrime forum, advertising customer records of Livpure. Livpure is a renowned brand that offers UV & RO water purifiers and air purifiers. The CloudSEK Threat Intelligence Research team has validated the information in this post and has found that the compromised data belong to the attributed entity.

Attribution

On 13 May 2021, a threat actor shared a post advertising a database containing 1 Million+ records of Livpure customers, including their PII. The actor, who joined the forum in May 2021, has sold Indian databases in the past and has gained a high reputation on the forum.

[Figure: Threat actor’s post on the underground forum]

Analysis

Information from Source

The threat actor listed the leaked database fields in the post and also shared a sample from the leaked database. The database shared by the actor includes the following fields:

Name          | City          | Model
Company_name  | Address       | Part_number
Branch_name   | District      | Serial_no
Customer_type | Phone         | Cust_prod_se
Customer_code | Mobile_number | Purchase_shop
Sap_code      | Pincode       | Purchase_date
Country       | Email address | Running_warranty_status
State         | Brand         |

[Figure: Sample data shared by the threat actor]

Information from OSINT

Using public sources, CloudSEK Threat Intelligence Researchers were able to confirm that the compromised data contains the PII of the customers.

Impact

  • Since PII (Personally Identifiable Information), including email addresses and phone numbers, has been exposed as a result of this breach, threat actors can misuse the data to carry out social engineering activities, phishing attacks, or even identity theft.
  • Phone numbers and email addresses that are part of the data dump could be linked to the victims’ banking, mobile wallet accounts, or other online services. Therefore, when this data ends up in the wrong hands, actors could compromise such accounts as well.

Recommendations

  • Use strong passwords.
  • Enable multi-factor authentication for all online accounts.
  • Don’t share OTPs with third parties.
  • Regularly update apps and other software.
