Personal Information and exam results of 1.9 lakh CAT aspirants leaked on dark web

A threat actor targeting Common Admission Test aspirants has struck again, leaking personal data and academic records of 190,000 candidates on a cybercrime forum.

ransomware breach hackers dark web
Getty Images

The personally identifiable information (PII) and test results of 190,000 candidates for the 2020 Common Admission Test were leaked and put up for sale on a cybercrime forum, according to threat intelligence firm CloudSEK.

The compromised data includes candidates’ names, dates of birth, email IDs, mobile numbers, and address information. In addition to this, the candidates’ 10th and 12th grade results, details of their bachelor’s degrees and their CAT percentile scores was also revealed in the leaked database.

The CAT is the principal entrance exam for graduate management programs in the country and is undertaken by close to 200,000 candidates each year. The intensely competitive examination is the gateway for aspiring candidates to gain admission to the country’s 20 Indian Institutes of Management (IIMs).

With the help of open-source intelligence, CloudSEK’s threat intelligence team was able to validate the compromised data and revealed that the database is from the CAT examination conducted on 29 November 2020.

CAT burglar strikes again

The threat actor put up a post on 12 May advertising the sale of 190,000 CAT aspirants’ details on a dark web forum. The database comprised personal information and examination scores of nearly all candidates who appeared for the exam. Education website Shiksha reported that of the 227,000 registered candidates, 190,000 had appeared.

According to CloudSEK, the threat actor joined the dark web forum in November 2018 and enjoys good standing in the hacker community. Based on the intelligence it received, the company said the threat actor exploited a vulnerability in the official CAT website to access the database.

This isn’t the first time the perpetrator has targeted CAT. The 2019 CAT examination database was also leaked and put up for sale in September 2020. CloudSEK says it has discovered similar posts from the threat actor on other cybercrime portals on the dark web as well.

With candidates’ personal information lose on the dark web, they could be targeted for phishing and identity theft. Furthermore, since the threat actor appears to have exploited vulnerabilities in the official CAT website (www.iimcat.ac.in) twice within a short span of time, attacks of this sort can reoccur if the website remains unpatched, CloudSEK’s security experts warned.

Copyright © 2021 IDG Communications, Inc.

Microsoft's very bad year for security: A timeline