Sunday, October 17, 2021

Cashalo users Data of 3.3 million sold on the dark web: NPC

Must Read

The Domestic Kitten hacking group has a threat to the Iranian regime

Investigators have revealed the internal functioning of the Domestic Kitten team's surveillance operations.The Domestic Kitten also followed as the...

Apple developers targeted by EggShell Backdoor

Xcode malicious projects are used to hijack developer systems and distribute EggShell custom backdoors.The malware, called XcodeSpy, is targeted...

Unified endpoint management automation software to boost endpoint security

Endpoints are constantly connected to the internet, so they offer a gateway for cyberattacks. Endpoint security is simply the process...

Sensitive information of Cashalo users has been sold on the dark web, NPC said on Tuesday.

The National Privacy Commission (NPC) on Tuesday warned of possible data breaches in connection with the “Cashalo” loan application, with details of its 3.3 million users allegedly being sold online.

The National Privacy Commission (NPC) said published information included usernames, passwords, email addresses, phone numbers, and identification of users of the loan application.

In a statement, Roren Marie Chin, head of the NPC’s Public Information and Assistance Division, said the organization had conducted an initial data breach investigation and found that Cashalo’s data disposal, conducted by Oriente Express Techsystems Corporation, had been sent to various cyber forums since February 14.

An initial NPC investigation has revealed that a user called “creepxploit” has sold Cashalo user data on a dark web, as shared in posts on https://cybleinc.com and RaidForums. The post provided sample data for potential buyers.

He said the vendor may have successfully downloaded files from Cashalo’s database and realized that the data depot would be sold on Monday.

Cashalo said their cybersecurity team had detected a potential data security incident on February 18, which only affected Cashalo’s database.

The NPC contacted Cashalo for their information protection assistance to contact the offender and required them to provide additional information.
It said someone claimed to have a database of Cashalo customers taken from a non-productive program used by the company.

This has led to unauthorized access to Cashalo customer archiving.
Cashalo said its use of secrecy ensures that no customer accounts or passwords are compromised.

As of Tuesday, RaidForums.com’s post on the alleged sale has been removed.

Cashalo said he was informing affected users about possible data breaches.
He advised Cashalo users to monitor their accounts, change passwords, and use other security measures.

a2434345d63481a40f0d145881b41013?s=96&d=mm&r=g
Priyanshu Vijayvargiya
Founder and Editor-in-Chief of 'Virtualattacks Inc' Priyanshu Vijayvargiya is a cybersecurity analyst, Information Security professional, developer, and a white hat hacker.

Leave a reply

Please enter your comment!
Please enter your name here

Latest News

Unified endpoint management automation software to boost endpoint security

Endpoints are constantly connected to the internet, so they offer a gateway for cyberattacks. Endpoint security is simply the process...

Attackers Using Morse Code in phishing campaign to Evade Detection

Microsoft on Thursday revealed the techniques used by attackers to avoid detection using morse code in the phishing campaign.Microsoft also revealed the workings of...

Murata Manufacturing suffers data breach of employees and customer

Japanese electronic components manufacturer Murata has released an apology Notice for the data breach of thousands of files in June that contained bank account...

Everything about Signalling System 7(SS7)

Signaling System 7 (SS7) is an international telecommunication protocol standard that controls and regulates the network elements in a public switched telephone network (PSTN)....

Zimbra flaw lets attackers access the mail servers

Researchers discovered a flaw in the open-source Zimbra code. As a result, an attacker would gain unrestricted access to all sent and received emails...

More Articles Like This