Swachh City platform hacked: Data of 1.6 cr people at risk, hackers may launch ransomware attacks, warn researchers

Swachh City platform has been hacked: Hackers have compromised the swachh.city platform, an initiative of the Swachh Bharat Mission in association with the Ministry of Housing and Urban Affairs, potentially putting the “critical information” of nearly 1.6 crore (about 16 million) users at risk, cybersecurity researchers revealed on Wednesday.

Based on the sample data that the threat actor disclosed on the dark web to substantiate its claim, the researchers were able to evaluate the registered email addresses, password hashes, registered phone numbers, transmitted OTP information, login IPs, individual user tokens and browser fingerprint information of affected users.

Singapore-based CloudSEK’s AI-powered threat intelligence team said the Swachhata platform breach is the work of the threat actor LeakBase. The finding showed that the critical information of approximately 16 million users could end up in the wrong hands.

“The adversary, who goes by the nicknames LeakBase, Chucky, Chuckies, and Sqlrip on underground forums, has shared a database containing personally identifiable information (PII) such as email addresses, hashed passwords, user, etc., which allegedly affects 16 million users of the swachh city platform,” the researchers noted.

LeakBase often operates for financial gain and conducts sales on its marketplace forum on the dark web. “The 1.25 GB size database has been disclosed in the publication and is hosted on a popular file hosting platform,” the team reported. LeakBase also provides access to the admin panels and servers of most CMS (content management systems). “As individuals whose personal data such as phone numbers and email addresses are advertised for sale, there is a strong possibility that it will be used against them,” CloudSEK said.

Threat actors can use this information for credential phishing, in the form of fake Swachh City breach notification emails, and for social engineering aimed at getting users to reveal more sensitive information. Researchers warned that it would equip malicious actors with the details needed to launch sophisticated ransomware attacks, exfiltrate data and maintain persistence. This information can also be aggregated and sold as leads on cybercrime forums.

“Implement a strong password policy and enable MFA (multi-factor authentication) between logins. Patch vulnerable and exploitable endpoints and monitor for anomalies in user accounts, which could indicate possible account takeovers,” the researchers advised.

With inputs from IANS
