Threat Actor Claims Leak of 10 Million Singapore Citizen Records

A threat actor just posted on a dark web forum claiming they have a database containing the info of 10 million rows of Singaporean personal info. Each row includes both names, phone numbers, and sexes.

The post points to PropertyGuru as the possible source. No official confirmation or expert validation has emerged yet.

What the Dark Web Post Says

Based on the dark web post, sensitive personal information of millions of Singapore citizens, including their names, gender, and phone numbers, could be at risk. The actor says they removed duplicates per phone number.

They pointed to propertyguru[.]com[.]sg as the source, and even shared a Qtox contact ID and sample data. But here is the big catch: no one has confirmed it yet. The Singapore government hasn’t said a word. No independent security expert has validated the samples. So this could be a brand new dump. Or it could be old breach data, repackaged to look fresh.

Though not validated yet, it’s still worrisome because this type of breach allows for ID theft and financial fraud, as well as the potential for cybercriminals to purchase this information and target individuals with phishing/scam attacks via email. 

A Worrying Trend of Targeting Singapore

This isn’t the first post of its kind. Back in January, another actor made waves. A threat actor called HACKCN posted “Singapore Citizen 10K.” They claimed the alleged leak has the personal identifiable info of about 10,000 Singaporeans.

Information in the sample the threat actor posted included full names, gender, and date of birth. There were also email addresses, mobile telephone numbers, and NRIC/ identification card (IC) numbers. All sample individuals lived in Singapore. 

That incident highlighted a clear risk. Cybercriminals are seriously targeting Singapore’s digital identity. Cybersecurity firm Resecurity saw a spike in Dark Web activity for stolen Singapore identity info. The number of vendors selling such data jumped by 230%.

Singapore’s Wealth Makes It a Juicy Target for Cybercriminals

Singapore has about 6 million people. It is a top global financial and trade hub. Its e-commerce and fintech sectors process millions of transactions. This makes the country a juicy target. Cybercriminals sell stolen identity docs for fraud, impersonation, and KYC bypass.

Prices for such data start around $8. Costs vary based on quality and source. Resecurity found multiple underground vendors monetizing this data. They sell passports, ID cards, and driving licenses. Some even offer templates of national IDs. These templates include holograms and watermarks. They look remarkably real.

The Danger of Stolen Singpass and KYC Data

Stolen Singpass credentials also circulate widely. A Singpass account is more like a gateway to thousands of government services. This means any hacker who accesses it can get a hold of mountains of citizen data, which they could use for scams, money laundering, and steal people’s identities.

One way these attackers access Signpass accounts is through Infostealers like Stealc, Azorult, Racoon & Nexus. They steal credentials straight from infected devices.

Leaks through third-party KYC providers are another major risk. Many fintech apps ask for selfies and documents. If that third party gets breached, your sensitive data leaks. Criminals then use these materials to bypass KYC checks or create deepfakes and fake documents.

Healthcare platforms face similar risks. A hacker recently claimed to have stolen 373,000 records from IMO360, a Spanish medical software provider, and demanded ransom, illustrating how third-party health platforms can become breach points for massive amounts of sensitive patient data. Currently, this is still a mere claim, but it’s worth watching.

What You Can Do Right Now

If you have a Singpass account, act fast. Turn on Two Factor Authentication right now – and use a password that you only use for Singpass. One that is long, complicated, unique, and hard to guess.

Never share your credentials for money or “easy jobs.” Those offers are almost always traps. Keep a close eye on your account. Anything that looks out of place, report it to Singpass Support on 6335 3533 or at [email protected].

The Government is trying to make it even harder for these types to get in. But at the end of the day, the human factor remains the Achilles heel. So be careful, remain skeptical. Your digital identity is worth protecting.