CloudSEK XVigil discovered a poster, on a database marketplace, advertising 100,000 Santander Mexican customers’ data for $250 in BTC
CloudSEK has discovered a data leak that contains sensitive information of 100,000 Mexican Santander users, advertised to be in clear text format.
Discovery of the leak
The post was published on 16 Sep 2020 at 09:54 PM (IST). The poster claims to have 100,000 Mexican users’ data, in clear text format. The database is being sold for 250 USD in Bitcoins (BTC) Records shared by the actor could be relevant to the current year.
The contents of the leak
The leaked database has the following schema:
- Secuencia / u6acct / u6cvereg / u6numcto / dmssnum / dmaddr1 / dmaddr2 / u6delomu / u6estado / dmcity / dmzip / u6ladte1 / u6tel1 / u6ladte2 / u6tel2 / dmname / u6rfc / u6licrea
This is the sample provided by the threat actor:
- Enable multi-factor authentication
- Use strong password
- Don’t share OTPs with third-parties, as OTP is the only thing standing between threat actors and the victims’ accounts
- Review all online accounts and financial statements for suspicious activity.
- Caution friends and family against threat actors impersonating you.
- Regularly update your apps and any other software you use
CloudSEK performed its due diligence and notified Santander Mexico on 17-Sept-2020. However, Santander had not responded, at the time of publishing this article. If we receive a reply, it will be duly updated here.