Friday, July 23, 2021

Cashalo users Data of 3.3 million sold on the dark web: NPC

Must Read

Absa Suffers Data breach

Absa has informed customers of a data breach possibly compromising their private info. As stated by the Johannesburg, South Africa-based...

Indian supply-chain giant Bizongo suffers a massive data breach

Indian start-ups have been hit with a string of data breaches in recent days, and Mumbai-based digital supply-chain giant...

Big Tech Giants formed Ransomware Task Force

Recently founded Ransomware Task Force will work together with a standard framework for Tackle ransomware attacks. A group of 19...

Sensitive information of Cashalo users has been sold on the dark web, NPC said on Tuesday.

The National Privacy Commission (NPC) on Tuesday warned of possible data breaches in connection with the “Cashalo” loan application, with details of its 3.3 million users allegedly being sold online.

The National Privacy Commission (NPC) said published information included usernames, passwords, email addresses, phone numbers, and identification of users of the loan application.

In a statement, Roren Marie Chin, head of the NPC’s Public Information and Assistance Division, said the organization had conducted an initial data breach investigation and found that Cashalo’s data disposal, conducted by Oriente Express Techsystems Corporation, had been sent to various cyber forums since February 14.

An initial NPC investigation has revealed that a user called “creepxploit” has sold Cashalo user data on a dark web, as shared in posts on and RaidForums. The post provided sample data for potential buyers.

He said the vendor may have successfully downloaded files from Cashalo’s database and realized that the data depot would be sold on Monday.

Cashalo said their cybersecurity team had detected a potential data security incident on February 18, which only affected Cashalo’s database.

The NPC contacted Cashalo for their information protection assistance to contact the offender and required them to provide additional information.
It said someone claimed to have a database of Cashalo customers taken from a non-productive program used by the company.

This has led to unauthorized access to Cashalo customer archiving.
Cashalo said its use of secrecy ensures that no customer accounts or passwords are compromised.

As of Tuesday,’s post on the alleged sale has been removed.

Cashalo said he was informing affected users about possible data breaches.
He advised Cashalo users to monitor their accounts, change passwords, and use other security measures.

Priyanshu Vijayvargiya
Founder and Editor-in-Chief of 'Virtualattacks Inc' Priyanshu Vijayvargiya is a cybersecurity analyst, Information Security professional, developer, and a white hat hacker.


Please enter your comment!
Please enter your name here

Latest News

OAIC: Uber found to have interfered with the privacy of over 1.2 million Australians

The Office of the Australian Information Commissioner (OAIC) has determined that Uber Technologies, Inc. and Uber B.V. have interfered...

Over 80 US Municipalities data are exposed due to Misconfigured Amazon S3

A team of Cybersecurity researchers at Wizcase found major data exposure of Over 80 US Municipalities due to the Misconfigured Amazon S3 Bucket. This happened...

Formbook malware Upgraded as an XLoader malware to Attack macOS Systems

Researchers have spotted an upgraded malware variant of Formbook malware which is now Upgraded as an XLoader malware to Attack macOS Systems. Cybersecurity researchers on...

Millions of HP, Samsung, Xerox Printers are Vulnerable to 16 year old bug

A 16-year-old security vulnerability affects Millions of HP, Samsung, Xerox Printers Driver allows attackers to gain admin rights on systems using the vulnerable driver...

MosaicLoader malware targets cracked software via SEO poisoning

New MosaicLoader malware targets users that are searching to download cracked software. Cybercriminals run ad campaigns in search engine results to boost their malicious...

More Articles Like This