Dark Web News Analysis
A threat actor on a hacker forum is advertising the sale of a “members” database belonging to Tabsyst. The dataset is priced at $1,000. While the organization’s specific operations were initially unidentified, the data fields provide a critical clue to its origin.
Brinztech Analysis:
- The Origin (India Attribution): The presence of the field adhaar_no (National Identity Number) strongly indicates that Tabsyst is an Indian entity or a service provider operating within the Indian market. Aadhaar is the unique 12-digit identification number for residents of India.
- The Data: The leak is described as highly sensitive, containing:
  - Government ID: Aadhaar Numbers (adhaar_no).
  - Financials: Bank Account Details.
  - Identity & Contact: Names, Phone Numbers, Dates of Birth.
  - Credentials: Passwords hashed with bcrypt.
- The Threat: The combination of Bank Account + Aadhaar + Phone Number creates the “Holy Trinity” for financial fraud in the Indian banking ecosystem.
Key Cybersecurity Insights
This alleged data breach presents specific risks to Indian citizens and the banking sector:
- AePS and KYC Fraud: In India, the Aadhaar Enabled Payment System (AePS) is widely used. While biometric data is usually required for AePS withdrawals, possession of the Aadhaar number and Bank details allows attackers to launch sophisticated “KYC Update” scams.
  - Scenario: A victim receives a call: “This is [Bank Name]. Your KYC is pending for Aadhaar [Number]. Please share the OTP to prevent account blockage.” The accuracy of the data makes the scam convincing.
- Financial Theft: With direct access to Bank Account numbers and linked Phone numbers, attackers can attempt SIM Swapping or targeted phishing to bypass OTP protections and drain accounts.
- Password Security: The use of bcrypt indicates the platform had some security standards (avoiding MD5/SHA1). However, bcrypt only protects the password; it does not protect the cleartext PII (Names, Aadhaar, Bank info) that was exfiltrated.
- Regulatory Impact (DPDP Act): If confirmed, this breach would violate India’s Digital Personal Data Protection (DPDP) Act, 2023. The exposure of Aadhaar and banking data carries heavy penalties for failure to safeguard data principals’ privacy.
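The Password Security point above, that bcrypt covers only the password column while Aadhaar numbers sit in cleartext, can be checked against your own data stores. The following is an added example, not from the original post or from Tabsyst: a Python audit that finds 12-digit Aadhaar numbers in records by validating their Verhoeff check digit and reports them masked. Field names other than adhaar_no, the sample rows, and the first-digit 2-9 rule in the pattern are assumptions.

```python
import re

# Verhoeff tables: D5 multiplication, position permutation, inverse.
D = [[int(c) for c in r] for r in ("0123456789 1234067895 2340178956 3401289567 "
     "4012395678 5987604321 6598710432 7659821043 8765932104 9876543210").split()]
P = [[int(c) for c in r] for r in ("0123456789 1576283094 5803796142 8916043527 "
     "9453126870 4286573901 2793806415 7046913258").split()]
INV = [0, 4, 3, 2, 1, 5, 6, 7, 8, 9]

def _verhoeff(digits, offset):
    c = 0
    for i, ch in enumerate(reversed(digits)):
        c = D[c][P[(i + offset) % 8][int(ch)]]
    return c

def check_digit(payload):
    return str(INV[_verhoeff(payload, 1)])

def verhoeff_ok(number):
    return _verhoeff(number, 0) == 0

# 12 digits, optionally grouped 4-4-4, not embedded in a longer digit run.
CANDIDATE = re.compile(r"(?<!\d)[2-9]\d{3}[ -]?\d{4}[ -]?\d{4}(?!\d)")

def find_aadhaar(text):
    digits = (re.sub(r"\D", "", m.group()) for m in CANDIDATE.finditer(text))
    return [d for d in digits if verhoeff_ok(d)]  # checksum cuts false positives

def mask(number):
    return "XXXX XXXX " + number[-4:]  # keep the audit report itself non-sensitive

def audit(records):
    findings = []
    for idx, row in enumerate(records):
        for field, value in row.items():
            for hit in find_aadhaar(str(value)):
                findings.append((idx, field, mask(hit)))
    return findings

# Constructed sample rows; no real identifiers.
PAYLOAD = "23456789012"
VALID = PAYLOAD + check_digit(PAYLOAD)
BAD = PAYLOAD + str((int(VALID[-1]) + 1) % 10)  # wrong check digit
SAMPLE = [
    {"name": "Constructed User A", "adhaar_no": VALID, "password_hash": "$2b$12$CONSTRUCTED"},
    {"name": "Constructed User B", "adhaar_no": BAD,
     "notes": f"KYC ref {VALID[:4]} {VALID[4:8]} {VALID[8:]}"},
]

if __name__ == "__main__":
    print(audit(SAMPLE))
```

Any field the audit flags is a candidate for field-level encryption or tokenization, including free-text columns where identifiers end up unintentionally.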
Mitigation Strategies
In response to this claim, potential users of Tabsyst and the organization itself must act immediately:
- Aadhaar Biometric Lock: Affected individuals should immediately use the mAadhaar app or UIDAI website to Lock their Biometrics. This prevents unauthorized authentication even if the Aadhaar number is leaked.
- KYC Awareness: Users must be warned: Never share OTPs for “KYC Updates” over the phone. Legitimate banks do not ask for this.
- MFA Enforcement: Tabsyst must enforce Multi-Factor Authentication (MFA) on all user accounts immediately.
- Breach Notification: If the breach is valid, Tabsyst must notify the CERT-In (Indian Computer Emergency Response Team) and affected users as per local regulations.
Questions or Feedback? For expert advice, use our ‘Ask an Analyst’ feature. Brinztech does not warrant the validity of external claims. For general inquiries or to report this post, please email us: contact@brinztech.com