Making online transactions using a BML card. Photo/BML

Sensitive info of many leaked in data breaches, police warn

The Police advice maximum caution on cyber security and urges to not use the same password across various online platforms.

23 February 2023

By Mariyam Umna Ismail

Police on Thursday cautioned people to remain vigilant as personal information of several people in the country has been leaked on the internet.

In view of complaints of various cash transactions after obtaining internet banking user name and password, the police on Thursday issued a statement stating that a maximum number of complaints are made to the institution:

  • Cases of money being transferred to other accounts after obtaining internet banking user name and password

  • Mobile phones, electronic devices and purchase of various items through QR scans at various shops using internet banking app

In such cases, investigations have revealed the sources of information from people's logs, police said. Thus:

  • Fraudulently accessing phishing links sent through SMS and e-mail in the name of various institutions and organisations and asking them to share the information 

  • The purpose of such a link is to get the e-mail address; when the sending link is deleted, the person is asked to enter the email address and password used by the person

  • If the information is completed, the email address and password used by the person would be known to the scammers

"For instance, when you click the link sent supposedly by HDC to update the portal or for some other reason, it will be designed to believe that it is HDC’s website when it opens. It has been found that most people do not know how to identify the website that leads with the link when they press on it, trusting that the website is authentic and give the information they want to log in," the police said.

The bank has come under fire from its customers for alleged fraudulent transactions from its accounts. Thus:

  • The bank said that card information of some customers has been made public and it happened because of international merchants 

  • The bank also said that it would block leaked cards and make new cards free of cost 

  • The bank has made it clear that a maximum transaction of MVR 750 can be done using the QR code feature in its mobile banking application

It's easier to get people's information through the internet because, according to the police, they use the email address given to the bank to register internet banking to create accounts on social media platforms and register on e-commerce websites.

According to the police, while registering in online services, we often have to put up email addresses and passwords, which indicate that the actual email password was used in these services as well.

"It has been observed that all the services have the same password and the email address used also activates the security features provided by the said e-mail service and does not configure the security settings of safety measures," Police said.

In some cases, it was found that internet banking user name and passwords were saved on the password manager of the email account, police said. According to the agency, if we enter our personal information on devices other than our own, it could get saved in the browser of such devices.

How to check if data has been leaked?

According to the police, logging information on commonly used social media platforms like Facebook Twitter and Instagram has already been leaked on the internet. Many people don't know how it happens, but when such apps are being used passwords are not changed at ll or frequently.

The police have also shared a website to check if email addresses and passwords were leaked on the internet during any international data breach.

Noting that the police have so far made several efforts to nab the perpetrators of such acts, the institution urged:

  • Be extra careful with email addresses and passwords used to access internet services 

  • To use the two-factor authentication feature 

  • To change the password every now and then

  • Not to use the same password in multiple accounts or websites

The government has recently proposed to amend three laws to deal with the increasing number of crimes committed in cyberspace in the country and the use of technology by the perpetrators of such crimes.