| Affected Industries | Healthcare, Government |
| Data Fields | Name, Mobile Number, Aadhaar ID, GPS, Location, State, etc. |
- CloudSEK’s flagship digital risk monitoring platform XVigil discovered a post on a cybercrime forum selling the records of 150 million Indians who have received the COVID-19 vaccination, for USD 800.
- In India, all COVID vaccine registrations are managed through the COWIN portal, which was developed and managed by the Government of India.
- The CloudSEK Threat Intelligence team is in the process of validating the claims made in the post.
Threat actor’s post on the dark web forum
A database of “Covid19 vaccinated people” was also advertised over a private Telegram channel on 27 May 2021. This post also claimed that the database contains 150 million records. However, it was being sold for USD 1000. The Telegram handle that posted this is also the administrator of the private Telegram channel. The administrator of the channel has a history of reselling databases, which have previously been leaked by ransomware groups. It is likely that “Dark Leak Market” and the Telegram channel are managed by the same entity, given that all the databases advertised over the Telegram channel have consistently been sold on the “Dark Leak Market” URL as well, within a short period of time. At the time of publishing of this report, the Dark Leak Market URL is not active.
Post on the private Telegram channel
There has also been chatter in underground forums that “Dark Leak Market” is a scam.
Chatter on underground forums that “Dark Leak Market” is a scam
Soon after it was posted, the tweet by Dark Tracer was discussed on an underground forum, with many users alluding to the post being a scam.
Underground discussions on the tweet