1 lakh Indian National IDs including Aadhaar cards on the darknet for sale, Truecaller refused the case of breach in its database.

1 lakh Indian National IDs including Aadhaar cards on the darknet for sale, Truecaller refused the case of breach in its database

 Over 1 lakh scanned copies of Indians‘ national IDs, including PAN card, Aadhaar, and passport, have been published on the dark web for sale, cyber intelligence firm Cyble declared on Wednesday.

The leaked data appears to have originated from a third party and not from the government system, according to a statement by Cyble.

 "We came across a non-reputed actor who is currently selling over 1 lakh Indian National IDs on the darknet. With such a low reputation, ideally, we would have skipped this; however, the samples shared by the actor intrigued our interest — and also the volume. The actor is alleged to have access to over 1 lakh IDs from different places in India,” Cyble stated.

The private data leaked by cybercriminals leads to numerous evil activities such as identity crimes, scams, and corporate spying. Several criminals utilize personal details in the IDs to acquire the faith of the people over a phone call for dishonest activities.

The cyber researchers obtained around 1,000 IDs from the dealer and confirmed that the scanned IDs belong to Indians which were stolen from employment websites. "Preliminary analysis suggests that the data originated from a third party, and no indication or artefact is indicating that it came from a government system. At this point, Cyble researchers are still investigating this further — we are hoping to share an update soon,” Cyble stated.

The scanned ID documents show that the data may have been leaked from a company’s database in the section where they have to comply with ‘Know Your Customer’ (KYC) norms.“Cyble researchers have also learned about a surge in KYC and banking scams — leaks such as this are often used by scammers to target individuals, especially elderlies,” Cyble stated.

In May, Cyble presented two examples where personal data of 7.65 crore Indians have been published in the dark web for sale. In one case, the seller declared to have sourced data of 4.75 crore Indians from online directory Truecaller and in other, the dealer claimed to have sourced from employment websites. Truecaller, however, had rejected the case of the violation in its database.