-
A dark web seller claims to possess forty million records of Indian women, including names, mobile numbers, email addresses, physical locations, and demographic details.
-
Gender-segmented data holds special value for criminals; this enables targeted romance scams, SMS phishing, WhatsApp fraud, and credential-stuffing attacks against female victims.
-
Security experts advise Indian citizens to maintain the necessary security measures for their online and financial accounts.
A cybercriminal on an underground forum says they possess personal information belonging to forty million Indian women. The seller posted samples to prove the database exists and is offering the records for sale.
The leaked information purportedly contains complete names, telephone numbers, email addresses, physical addresses, cities, states, gender identifiers, along with several other demographic attributes, based on a sample of the information the seller posted.
Also, the sample entries suggest the information may have come from multiple sources, rather than a single organization. The seller did not provide any verified information regarding the source of the data, nor the method for collecting it.
If true, this breach is one of the most significant data breaches of all time in terms of the amount of gender-segmented data related to the Indian population. Security researchers warn that threat actors can weaponize this information for various criminal activities.
How Criminals Could Exploit the Stolen Records
This data leak is an opportunity for criminals to use specific methods of attack against the people whose information was leaked. Since cybercriminals now have millions of legitimate phone numbers, it will be much easier for them to run massive smishing (SMS phishing) campaigns against people.
For example, the attacker may send a text that contains the recipient’s real name and location, which may deceive the recipient into believing that they received a government or financial notification or text message.
Social engineering on WhatsApp is another potential high-value target. If a criminal uses personal data from the leak when contacting potential victims through that app, they may create a sense of trust in the mind of the victim. Romance scams are also possible, as attackers can use the data to identify targets and build convincing fake profiles.
Financial fraud is another significant risk. When a criminal has names, phone numbers, email addresses, and physical addresses of a large enough population, they may use the information to bypass security questions on a person’s online bank account. They may also use this information to change passwords or get into already created accounts.
Credential stuffing attacks can become more effective when criminals combine leaked data with previously exposed password sets. Account recovery processes often rely on personal information like birth dates or addresses, which this database reportedly contains.
Gender-Segregated Data Holds Special Value for Scammers
Datasets divided by gender carry particular appeal for underground criminals. Attackers can tailor fraud campaigns toward specific groups, increasing the likelihood that victims will respond to their messages.
Romance scams work especially well when criminals know the gender of their targets beforehand. Fraudsters can design their approaches based on this knowledge, they can craft Marketing stories that resonate specifically with female victims. The success rate for these schemes rises significantly when attackers possess accurate demographic information.
Targeted advertising abuse also becomes possible with gender-segmented data. Fraudsters can use the stolen records to create fake user profiles or inflate engagement metrics. Some criminals may sell the verified contact lists to shady marketing companies operating outside legal boundaries.
Identity profiling allows attackers to build complete pictures of individual victims. They can combine data from multiple breaches to build detailed personal profiles, which are then used to launch more sophisticated and harder-to-detect attacks.
Massive Demographic Datasets Continue Circulating Underground
Noticeable quantities of personal data continue to be available on the dark web. Criminals commonly will take advantage of repackaging the same information for resale in the form of multiple new names.
The major danger from these datasets is not just the data available, however, hackers will often combine multiple datasets to create a fuller victim’s record. For instance, combining a phone number from one breach, an address from another and an email from yet another breached source will create a great targeting package.
Experts in cybersecurity warn Indian residents to continue exercising caution over unsolicited communication. Receiving any sort of unusual strategies or personal data through an unexpected message should call into question whether or not to be skeptical.
Should any potential request for money or sensitive information be present, verification of the request through independent sources is a good way to try to avoid fraud.
Account holders should change their passwords on their most important accounts and enable Multi-Factor Authentication when available. They should regularly monitor bank statements and credit reports to detect early signs of identity theft.
The seller has not put any sort of prices for the 40 million records; therefore, interested parties will have to negotiate directly. Researchers will evaluate whether or not the claims are valid. In the interim of an independent verification process, the public should consider the claims of the breach as unconfirmed.
Law enforcement agencies in India have not yet commented on the dark web listing. The country has seen a rise in cybercrime in recent years, with data breaches driving much of the activity. Officials urge citizens to report suspicious communications to the national cybercrime reporting portal.
The education sector has been particularly hard hit. Indian schools and universities face over 8,000 cyberattacks every week, demonstrating the scale of the threat across different sectors.
