Sensitive data of brokerage firm, AKD Securities Limited, has allegedly been compromised in a major cyber security breach and hackers have reportedly put the data dump for sale on dark-web marketplaces.
According to exclusive details available with ProPakistani, the compromised data comprises clients’ onboarding data across a sample size of over 1,000 Account Holders. The leak shows that the unidentified hacker gained access to the data such as full names, phone numbers, email addresses, residential addresses, bank account details, passwords, marital status, etc.
ProPakistani was tipped through anonymous sources with the information and some sample data that contained private information mentioning of AKD account holders.
For what it is worth, this data could be used for locating an individual or for purposes such as insider trading, targeted cyber-attacks, identity theft, phishing attacks and extortion.
This scribe reached out to the Chief Executive Officer of AKD Securities, Farid Alam, for the brokerage firm’s official stance on the matter. He said,
The client’s financial and trading data at AKDSL is end-to-end encrypted and is hosted in an in-house/premises data center behind a firewall. Therefore NO clients’ financial and trading data has been compromised.
The alleged data leak shows that the hacker got access to some of the most sensitive data that is usually intended for confidential purposes only.
According to a cyber security expert, “sometimes the data is not available because of a hack but can be scrapped off the website by data leaking APIs. If you can recall, something like this famously happened in the case of some local commercial banks, FBR, K-electric, Amazon LinkedIn and Twitter.”.
The expert opined that the AKD breach is also a security and privacy concern. “They need to limit the exposure of their data through their APIs. Not saying that is what happened here, but it could be the case. Similarly, sometimes hackers get data from some other sources and repackage it, like in the case of the recent telco data that was put on sale by hackers over the dark-web” he remarked.
For companies like AKD Securities, and perhaps other brokerages/investment firms, cybersecurity, and practices associated with it are both important and require regular and comprehensive technical audits to identify and remove vulnerabilities.
“AKDSL is end-to-end encrypted” lol… all their SSL certificates are expired, and the encryption is compromised. Just try logging in using their desktop app, and Java will prompt multiple times of their SSL expiry. I have been emailing them about this since the past 5 years. They never reply to that email.