This comes after few threat intelligence services sharing a dark web post – regarding an unknown marketplace selling the COVID-19 vaccination database of India. The seller claims the database has sensitive data of about 150 million Indians, leaking their Name, Mobile Number, Aadhaar ID, GPS (PinPoint) Location, State, etc. It was offered for $800 but soon turned out to be fake.
Luring Buyers Without Samples!
Remembering an old saying, the offer is too good to be true. Soon after the images of that post being shared on Twitter, many started following the thread and some asked the URL for accessing it.
— DarkTracer : DarkWeb Criminal Intelligence (@darktracer_int) June 10, 2021 While I have managed to get the URL to the site selling it – DARK LEAK MARKET, it failed to load. The exact reason for this is unknown, and I ignored it since many unpopular dark websites often have weak hosting causing frequent downtime. But, it soon turned to be fake due to various reasons. Finally, I found a mediator pushing potential buyers towards the deal, and a conversation with him provided me a dark web link – redirecting to the payment page of the database.
— Rajshekhar Rajaharia (@rajaharia) June 10, 2021 And when asked for samples, he declined to provide them and eventually ignored them. Soon after this, Rajshekhar Rajaharia, a security researcher, posted, saying the marketplace is fake and meant for scamming people. As the site’s URL is often being charged, it’s likely true, and they’re asking for payment even for the samples. However, as it’s unlikely that any seller would charge potential buyers for samples, this manipulative deal can safely be ignored.
