‘Chqbook.com’ Data Leak Exposes 2 Million Credit Score Reports

  • The data from the suspected and officially denied ‘Chqbook’ breach is now freely shared online.
  • The details included in the dataset are very sensitive, with names, credit card details, and Aadhaar numbers being present.
  • The shared pack also has an “Easter Egg,” which is METRO Cash & Carry client details.

‘Chqbook.com,’ an India-based online banking service that offers credit card, loan, and insurance management services for small businesses and merchants, has suffered a data breach. The incident has severely exposed 2.5 million Indians, who had their bank balance, PAN number, passport number, Aadhaar number, credit score, credit card outstanding, voter ID, email address, date of birth, and even their card PIN leaked.

The discovery of the dataset that has appeared online now comes from researcher Rajshekhar Rajaharia, who tipped us off and shared the details.

Source: Rajshekhar Rajaharia

With the help of KELA, the cyber-intelligence experts, we were able to find the first evidence of the particular dataset appearing on the dark web for sale on December 25, 2020.

‘Chqbook’ initially denied having suffered a data breach, but the dataset is now freely shared on hacker forums, so the game of rebuttal cannot be played anymore. Still, there have been no official announcements yet, but we guess that these shouldn’t take much longer to appear now.

Source: KELA

Apart from the aforementioned details, the dataset also includes METRO Cash & Carry data, as Chqbook.com partnered with the retail giant back in July 2018. METRO has been in India since 2003, operating twenty-five wholesale distribution centers across the country.

The company hasn’t made a statement about the security incident either, but Rajaharia has confirmed that the data leak affects them directly.

Credits: Rajshekhar Rajaharia

In general, the leaked data opens up the potential for phishing, scamming, and even impersonation and banking fraud. Be very vigilant with how you treat incoming communications of the entire spectrum. Since phone numbers, email addresses, and physical addresses have been exposed, crooks have all channels wide open.

Finally, pay close attention to your bank account and credit card statements and immediately report any transactions that you don’t recognize to the issuer. Ideally, you should ask for a card invalidation and replacement now. Unfortunately, the ID and passport are not as straight-forward to replace, and the Aadhaar number isn’t resettable in India, so you’ll have to live with the fact that those have leaked.

REVIEW OVERVIEW

Latest

Indian Banks and Finance Companies Targeted by Multi-Staged JSOutProx RAT Malware

Indian banks and financial institutions are being targeted by a multi-tier JSOutProx RAT that acts in two stages.The malware uses spear-phishing emails...

Mega Deletes 144,000+ User Accounts for Repeated Copyright Infringement

Mega has changed its policies and terminated over 144,000 accounts for repeated copyright infringement violations.The company says flagged data is taken down...

YouTube Creators Targeted With Phishing Scams Based on Cookie Theft Malware

Google discoverd a new Cookie Theft-based phishing scam that targeted channels belonging to YouTube creators.Actors were sending phishing emails and hijacking channels...
For a better user experience we recommend using a more modern browser. We support the latest version of the following browsers: For a better user experience we recommend using the latest version of the following browsers: Chrome, Edge, Firefox, Safari