|Category|Adversary Intelligence|
|Affected Industries|Manufacturing|
|Affected Region|SAARC, India|
CloudSEK’s flagship digital risk monitoring platform XVigil discovered a post on a cybercrime forum advertising customer records of Livpure. Livpure is a renowned brand that offers UV & RO water purifiers and air purifiers. The CloudSEK Threat Intelligence Research team has validated the information in this post and found that the compromised data belongs to the attributed entity.
On 13 May 2021, a threat actor shared a post advertising a database containing 1 Million+ records of Livpure customers, including their PII. The actor, who joined the forum in May 2021, has sold Indian databases in the past and has gained a high reputation on the forum.
Threat actor’s post on the underground forum
The threat actor listed the leaked fields in the post and also shared a sample from the leaked database. The database shared by the actor includes the following fields:
Sample data shared by the threat actor
Using public sources, CloudSEK Threat Intelligence researchers were able to confirm that the compromised data contains the PII of the customers.
- Since PII (Personally Identifiable Information), including email addresses and phone numbers, has been exposed as a result of this breach, threat actors can misuse the data to carry out social engineering activities, phishing attacks, or even identity theft.
- Phone numbers and email addresses that are part of the data dump could be linked to the victims’ banking, mobile wallet accounts, or other online services. Therefore, if this data ends up in the wrong hands, actors could compromise such accounts as well.
- Use strong passwords.
- Enable multi-factor authentication for all online accounts.
- Don’t share OTPs with third parties.
- Regularly update apps and other software.