New Delhi: Cyber-security researchers on Wednesday revealed that hackers have compromised the swachh.city platform, an initiative of the Swachh Bharat Mission in association with the Ministry of Housing and Urban Affairs, that could put “critical information” of nearly 1.6 crore (about 16 million) users at risk.
From the data sample that was disclosed by the threat actor to substantiate his claim on the Dark Web, researchers were able to assess registered email addresses, password hashes, registered phone numbers, transmitted OTP information, login IPs, individual user tokens, and browser fingerprint information of the affected users.
The threat intelligence team of AI-driven Singapore-headquartered CloudSEK said the breach of the Swachhata Platform is the handiwork of threat actor LeakBase.
The finding showed that critical information of approximately 16 million users could be ending up in the wrong hands.
“The adversary, going under the monikers of LeakBase, Chucky, Chuckies, and Sqlrip on underground forums has shared a database containing Personal Identifiable Information (PII) such as email addresses, hashed passwords, User IDs etc, that allegedly affects 16 million users of the swachh city platform,” the researchers noted.
LeakBase often operates for financial gain and conducts sales on its marketplace forum on the Dark Web.
“The database of size 1.25 GB has been disclosed under the post and has been hosted on a popular file-hosting platform,” informed the team.
LeakBase also offers access to admin panels and servers of most CMS (content management systems).
“As individuals whose personal details such as phone numbers and email addresses are advertised for sale, there is a strong possibility of it being used against them,” said CloudSEKA.
This information can be harvested by threat actors to conduct phishing, in the form of fake breach notice emails from Swachh City, and social engineering to reveal more sensitive information.
It would equip malicious actors with details required to launch sophisticated ransomware attacks, exfiltrate data, and maintain persistence, warned researchers.
This information can also be aggregated to further be sold as leads on cybercrime forums.
“Implement a strong password policy and enable MFA (multi-factor authentication) across logins. Patch vulnerable and exploitable endpoints and monitor for anomalies in user accounts, which could indicate possible account takeovers,” advised the researchers.
-IANS
No coercive police action against Padma awardee monk Kartik Maharaj till Monday
Kolkata: The Murshidabad District Police in West Bengal will not adopt any coercive action till July 7 including arrest against Padma Shree awardee monk Kartik Maharaj, attached to the Murshidabad...
Padma awardee Kartik Maharaj accused of raping woman approaches Calcutta HC for scrapping FIR against him
Kolkata: Padma Shree awardee monk Kartik Maharaj, attached to the Murshidabad unit of the Bharat Sevashram Sangha, who had been accused by a woman recently of allegedly raping her for...
Bengaluru stampede: Setback for Karnataka govt as CAT quashes IPS officer’s suspension
Bengaluru: In a setback to the Karnataka government, the Central Administrative Tribunal (CAT) has set aside the suspension order of senior IPS officer Vikash Kumar Vikash in connection with the...
‘Rape and its video recording pre-planned’, say investigating sources on Bengal law college case
Kolkata: Investigating officials probing the rape of a law college student at Kasba in Kolkata revealed that the accused Monojit Mishra targeted the victim in a pre-planned manner and the...
Will probe any foul play in Shefali Jariwala’s death: Maharashtra Minister Yogesh Kadam
Mumbai: Maharashtra Minister of State for Home Affairs, Yogesh Kadam, assured on Saturday that authorities will thoroughly investigate all angles, including any possibility of foul play, in the sudden death...
Death of 5 tigers: Two arrested for poisoning big cats in revenge for cow’s killing
Bengaluru: The Forest and Police authorities have cracked the sensational case involving the death of a tigress and her four cubs in the Male Mahadeshwara Hills forest region and arrested...
NCW takes suo motu cognizance of Kolkata law college rape, seeks report from police commissioner
Kolkata: The National Commission for Women (NCW) has taken suo motu cognizance of the rape of a law college student within her college premises on Wednesday night, in which three...
Passengers of Duronto Express in Bihar looted, FIR lodged
Patna: In a shocking incident, passengers of the New Delhi-Bhubaneswar Duronto Express were looted near Gaya, Bihar, in the early hours of Friday. According to an official of the Gaya...
Death of tigress, 4 cubs: Hunt launched for owner of poisoned cow in K’taka
Bengaluru: The forest and police authorities have launched a search on Friday for the owner of the cow in connection with the death of a tigress and her four cubs...
Woman dies after sexual assault by male patient in Delhi hospital, probe launched
New Delhi: Delhi Police have begun an investigation into the death of a woman, who allegedly succumbed to injuries during treatment, after being sexually assaulted at a government hospital. A...
Raja Raghuvanshi murder: Key info received from Indore-based bizman, says Meghalaya Police
Shillong: The Meghalaya Police has got some key information regarding Raja Raghuvanshi’s murder after an Indore-based businessman was taken into custody by the Special Investigation Team (SIT), officials said on...
French tourist raped in Udaipur after cafe party, accused absconding
Jaipur: In a shocking case, a French woman was raped after attending a party in Rajasthana's Udaipur. The Rajasthan Police have registered a case, confirmed officials on Tuesday. According to...
