Reports have emerged about a potential data leak from an organization providing tax assistance to Indian taxpayers. The Cyber Express has received threat intelligence that a hacker forum user, known as ‘Hacking’, has publicly released Indian taxpayer data. The post containing the leaked data was published on September 27, 2023.
According to the hacker forum post, ‘Hacking’ claims to have obtained the taxpayer data from a website called TaxReturnWala. This website offers a range of services, including finance, legal obligations, compliance, and tax payment assistance to individuals and corporations.
When The Cyber Express team checked the website of TaxReturnWala, it was found to be accessible. The organization was contacted for comment on the alleged data leak, and this report will be updated based on their response.
The hacker forum post, titled “WordPress Online Tax Services Admin Table Data [India],” provides details about the leaked data. However, the authenticity of the claims and the actual data could not be verified.
It is worth noting that on hacker forums, users often post data claiming to be from large organizations in order to deceive other cyber criminals and make money in the underground trade. The fact that the Indian taxpayer data was released without any charge suggests a lack of confidence in finding buyers who would be willing to pay for the data. It is possible that the hacker forum user’s release of the data is a result of failed negotiations with TaxReturnWala for a ransom payment. It is also plausible that the data leaked by the disgruntled forum user was obtained from previous data breaches.
The hacker forum user did not provide information about the file size of the leaked data but mentioned that it was in CSV format, commonly used for organizing data in tables. The post states that the data includes email addresses, passwords, usernames, and other details.
The hacker forum user’s statement, “To Hack and Enter The Site, You Need To Crack The Hash,” indicates the hacking technique that might have been used to gain access to the taxpayer information. This information could potentially assist other hackers in targeting the systems of TaxReturnWala.
The hacker forum user, ‘Hacking’, joined the dark web platform in June 2023. They have made 428 posts in just five months and have a reputation score of 195 with VIP status. In their profile, they claim to be a security researcher.
This is not the first instance of Indian taxpayer data compromise. Cyble Research and Intelligence Labs previously detected an upgraded version of the Android banking trojan called Drinik. The trojan infected the iAssist app, allowing it to impersonate the Income Tax Department of India and target nearly 18 Indian banks. Scammers used fraudulent dialogue boxes to trick users into entering their account details, enabling them to access biometric data, keystrokes, screen activities, PAN card details, Aadhaar cards, credit card numbers, CVV, and PIN information.
Recently, another data-stealing remote access trojan, Agent Tesla, was found to be involved in malicious activities. Scammers created fake tax-related documents to deceive unsuspecting users and steal their clipboard data and file system access, among other data.
To combat the rise in cybercrime in India, the Ministry of Electronics and Information Technology took down over 6,000 malicious URLs in 2021 and over 1,096 URLs in 2022. Additionally, 464 Instagram posts were removed to ensure user safety on social media platforms.
In conclusion, the reported data leak from TaxReturnWala poses a risk to Indian taxpayers. The authenticity of the leaked data is yet to be verified, but it is a reminder of the ongoing threats faced by individuals and organizations in the digital age.

