Govt’s Swachh City platform hacked, data of 1.6 cr people at risk: Researchers

New Delhi: Cyber-security researchers on Wednesday revealed that hackers have compromised the swachh.city platform, an initiative of the Swachh Bharat Mission in association with the Ministry of Housing and Urban Affairs, that could put “critical information” of nearly 1.6 crore (about 16 million) users at risk.

From the data sample that was disclosed by the threat actor to substantiate his claim on the Dark Web, researchers were able to assess registered email addresses, password hashes, registered phone numbers, transmitted OTP information, login IPs, individual user tokens, and browser fingerprint information of the affected users.

The threat intelligence team of AI-driven Singapore-headquartered CloudSEK said the breach of the Swachhata Platform is the handiwork of threat actor LeakBase.

The finding showed that critical information of approximately 16 million users could be ending up in the wrong hands.

“The adversary, going under the monikers of LeakBase, Chucky, Chuckies, and Sqlrip on underground forums has shared a database containing Personal Identifiable Information (PII) such as email addresses, hashed passwords, User IDs etc, that allegedly affects 16 million users of the swachh city platform,” the researchers noted.

LeakBase often operates for financial gain and conducts sales on its marketplace forum on the Dark Web.

“The database of size 1.25 GB has been disclosed under the post and has been hosted on a popular file-hosting platform,” informed the team.

LeakBase also offers access to admin panels and servers of most CMS (content management systems).

“As individuals whose personal details such as phone numbers and email addresses are advertised for sale, there is a strong possibility of it being used against them,” said CloudSEKA.

This information can be harvested by threat actors to conduct phishing, in the form of fake breach notice emails from Swachh City, and social engineering to reveal more sensitive information.

It would equip malicious actors with details required to launch sophisticated ransomware attacks, exfiltrate data, and maintain persistence, warned researchers.

This information can also be aggregated to further be sold as leads on cybercrime forums.

“Implement a strong password policy and enable MFA (multi-factor authentication) across logins. Patch vulnerable and exploitable endpoints and monitor for anomalies in user accounts, which could indicate possible account takeovers,” advised the researchers.

-IANS

Lucknow cops disguise themselves to arrest stalker

Lucknow:  Cops in Lucknow disguised themselves as vegetable sellers to arrest a man who had been stalking a class 6 student, prompting her to stop going to school. ADCP, West...

Karnataka-Maharashtra border row: Violence in Belagavi; over 100 detained

Bengaluru: The protests by Kannada activists around the issue of border row between Maharashtra and Karnataka took a violent turn on Tuesday after trucks bearing Maharashtra registration number plates were attacked...

13 arrested for post poll violence in Gujarat

Gandhinagar: Thirteen people have been arrested in connection with post-poll violence in Kalol constituency in Gujarat's Gandhinagar district. During voting in Kalol constituency in the second and final leg of the...

Ashish Mishra to face trial in murder of Lakhimpur Kheri farmers

Lakhimpur Kheri (Uttar Pradesh): Ashish Mishra, son of Union minister Ajay Mishra, will now be tried for the murder of four farmers and a journalist during a protest in Lakhimpur Kheri...

State GST team raids 71 districts of UP, 72 places in Noida

Noida: The state GST department has taken action in various places in Uttar Pradesh including Noida on the complaint of loss of revenue by tax evasion. Simultaneous raids are being...

Lingayat Mutt scandal: Mother of victims writes to Prez, seeks justice or mercy killing

Mysuru (Karnataka): The mother of two victims in the Lingayat Mutt sex scandal on Monday wrote a letter to President Droupadi Murmu, mentioning that they either be given justice or granted...

WBSSC recruitment scam: Bengal teacher commits suicide

Kolkata : Tumparani Mondal Parua (30), a teacher in a state-run school at Nandigram in West Bengal's East Midnapore district, committed suicide reportedly out of apprehension of her name being...

25 years after Uphaar tragedy, fire hazards abound across national capital

New Delhi:  Other than natural disasters like an earthquake hitting the city, Delhiites also face the danger of recurring fire incidents. Every time the irked citizens ask: "Why aren't the...

Bogtui massacre: Main accused Lalan Sheikh arrested by CBI

Kolkata: After over eight months of searching, the Central Bureau of Investigation (CBI) nabbed Lalan Sheikh, the principal accused behind the massacre at the Bogtui village in West Bengal's Birbhum district....

NIA gets 4 more days custodial remand of Lawrence Bishnoi

New Delhi: A Special Delhi court on Saturday extended custodial remand of Gangster Lawrence Bishnoi by four days in connection with the gangster-terrorist nexus matter. Bishnoi was produced before the court...

Hyderabad University professor suspended for alleged sexual assault of foreign student

Hyderabad: The University of Hyderabad on Saturday suspended Professor Ravi Ranjan, hours after he was arrested by the police on allegations of trying to sexually assault a foreign student. The Central...

Delhi man kills live-in partner, tries to chop up body

The accused allegedly stabbed Rekha in the face and neck, and as she resisted, a finger of her right hand was mutilated The 45-year-old man, identified as Manpreet, who was...

Read Previous

Lt Gen Anil Chauhan (retd) appointed Chief of Defence Staff

Read Next

PFI ban: Vijayan holds high-level meeting with police officials

Leave a Reply

Your email address will not be published.

WP2Social Auto Publish Powered By : XYZScripts.com