Breach of data from IndiaMART: 40,000 company records found on cybercrime forums
Researchers say that sensitive information is for sale in two separate underground markets.
A breach in the online marketplace of IndiaMART has leaked sensitive data from more than 40,000 suppliers.
IndiaMART is an e-commerce business-to - business site, connecting suppliers from across India. The official app had 10 million downloads last year.
Researcher Ashok Krishna of the CloudSEK threat monitoring platform has discovered that data belonging to thousands of suppliers is being sold on online forums.
The same set of information, estimated at around 44,000 records, appears to be available for sale on two separate underground websites.
Krishna investigated a sample of one of the datasets, posted for sale on June 20, and found that it contained 44 separate records.
Each record was said to consist of sensitive information, including user IDs for suppliers, full names , addresses, e-mail addresses and telephone numbers.
Krishna says that he used publicly identified sources to verify that the data was legitimate. The sample contains records registered in February 2016, mainly from the Indian state of Gujarat.
These details could be used in a number of ways, including through phishing campaigns, scams, and even identity theft, CloudSEK explains.
"Usually our mobile numbers and email IDs are linked to banking , mobile wallets and other online accounts," explains the blog post.
"The fact that these details are available makes it easier for the threat actors to compromise the victims' accounts."
Deepanjli Paulraj, CloudSEK 's Chief Cyber Intelligence Editor, told The Daily Swig, "We were able to validate the data. It belongs to the active IndianMART vendors.
"Whether a bug on the IndiaMART website or an unsecured database, if not remedied, could put six million-plus suppliers on the platform at risk," the post explains.
The second set of data contains 43,920 records, the person posting the data claims, but the researchers were unable to verify the data.
Suppliers using the IndiaMART platform should immediately check whether their accounts have been tampered with, advises CloudSEK.
Other recommendations include reviewing all online accounts and financial statements, warning friends and family against anyone impersonating you or your business, and enabling multi-factor authentication.
Researchers also urged suppliers never to share their single-time passwords (OTPs) generated by multi-factor authentication devices.
"While this is a rule of thumb, it is particularly relevant in this case, because threat actors already have email IDs and phone numbers. So, the OTP is the only thing standing between the threat actors and the victim's accounts, "reads the blog.
CloudSEK also advised IndiaMART to carry out an audit to uncover the full extent of the leak.
IndiaMART told The Daily Swig that it was investigating the claims, but it downplayed the incident as it said the data was readily available.
"At the outset, we would like to make it clear that vendors' basic contact information is public information and is advertised on IndiaMART and other locations such as a printed directory, other internet portals and search engines.
We do not display or leak any sensitive personal information of the suppliers on our platform.
Our Cyber Security and Technical Team is evaluating the CloudSEK report which has recently been notified and is trying to find out the authenticity of the report where it is claimed that certain basic information such as the name, e-mail address, contact number, etc. of our listed suppliers is leaked.
Consequently, at present, we are not in a position to recognize the authenticity of such a report. In the event that any leakage of even the smallest level is identified by our post-investigation cybersecurity team, we will take the best possible steps to avoid such repetition in the future.
This article has been updated to include comments from IndiaMART.