Data of Over 60 Million Virtual Card Users Exposed

Volodymyr “Bob” Diachenko, a security researcher at SecurityDiscovery, found a collection of publicly exposed data of virtual card records. On August 4, 2022, a cluster of more than 67 million records, including specifics regarding virtual card information, was found by Bob’s monitoring engine.

The monitoring engine picked up a 61GB-sized database, including the information on the senders and recipients of virtual card holders and the messages they exchanged. The database was named “Dromadaire,” which is the name of a company in Europe that offers virtual card services.

However, upon further investigation, Bob’s company did a reverse DNS analysis, revealing that the data did not directly belong to Dromadaire. However, the report could not identify the perpetrator of the data leak.

The dark side of exposed data

After his post on LinkedIn, no company claimed the exposed data as their own, and it remained open on the internet until August 6, 2022. The data collected messages and transaction history between 2014 and 2022, suggesting that the data could have leaked long ago. In addition, most of the messages were from French speakers in the four European nations marked as “local” in the database.

According to Bob, clients who have had their data exposed, like in his case, are more susceptible to being duped by phishing scams. Hackers might employ social engineering and other IT techniques to induce victims to transfer money or divulge sensitive data because their data is publicly accessible on the internet.

Most phishing attacks begin with an email, phone call, or text message to instill a sense of urgency in the victim’s mind. Then, the hackers pursue the target with the purpose of stealing, and they accomplish that by acting as actual companies, people they know, and local authorities.

Bob recommends people verify the message’s authenticity and avoid visiting suspicious-looking pages and websites with links and attachments.

Diachenko also discovered 280 million Indian UAN data base  

Earlier this month, Diachenko had also issued a data exposure report about UAN members in India. This data included information about their employment, bank accounts, income status, Aadhaar information, bank seeding status, and more.