The IT security researchers at Cybernews have discovered a database containing financial fraud investigation records and other sensitive data belonging to the Indian federal police.

The publicly exposed database also included bank account holder names, balances, account numbers, transaction types, amounts, destinations, and cases taken up by the Central Bureau of Intelligence (CBI) India.

In total, the database contained 335 million records or roughly 24GB worth of data. The dataset was discovered when the researchers performed an open-source intelligence investigation of Elasticsearch and Kibana hosted by France-based cloud computing firm OVHCloud.

What’s even worse, researchers identified records of more than 200 banks in the open database. Furthermore, the database included case-related information of private companies, which were investigated by local police regarding fraudulent practices and taken to court.

Major Database Mess Up Leaves Indian Federal Police and Banking Records Exposed
Image: Cybernews

The owner of this database is currently unidentified, but considering the nature of the information it contains, researchers believe it can be assumed that it belongs to a private fraud investigating agency or a court in India.

Potential Dangers

Threat actors can exploit financial information to illegally access accounts and steal funds from them. Using financial inquiry data, scammers can approach people who have been named in fraud cases and cheat them.

Although the database was secured quickly, it is still quite risky considering that highly sensitive data was publicly exposed.

In their blog post, Cybernews researcher Aras Nazarovas explained the possible dangers of this uncalled-for data exposure.

“While attackers could not use this data alone to cause any damage, it can be used in combination with data gathered from other attacks. It can also be useful to attackers who want to find target accounts with high balances. Payment descriptions could be used to track a target’s spending habits.”

Aras Nazarovas – Cybernews

  1. Hackers claim to be selling 13TB of Domino’s India data
  2. Hackers leak data of 29 million Indian job seekers for download
  3. India’s COVID-19 surveillance tool exposed millions of user data
  4. Hackers leak millions of Airtel India user data with Aadhaar numbers
  5. 9,517 unsecured databases identified with 10 billion records globally