Customer credentials for Bank Syariah Indonesia (BSI), a major state-owned Islamic bank, have allegedly surfaced on a dark web forum. A threat actor claims to be in possession of “stealer logs” containing sensitive login information apparently belonging to BSI customers. This type of compromise typically results from malware on users’ personal devices capturing their usernames and passwords, which are then compiled and shared or sold by malicious actors.
Bank Syariah Indonesia is the largest Sharia bank in the country, playing a significant role in Indonesia’s financial landscape. While the appearance of stealer logs does not necessarily indicate a direct breach of the bank’s core infrastructure, it signifies a serious risk to affected customers. The exposed credentials could allegedly be used to gain unauthorized access to customer accounts, potentially leading to financial loss and identity theft.
The data purportedly exposed in these stealer logs allegedly includes:
- Usernames / Login Names
- Passwords
- Associated Links to bank systems (primarily CMS login pages)
- Phone Numbers (in some cases)
