Government's Parivahan website user data reportedly exposed on dark web
By MYBRANDBOOK
The government's Parivahan website has likely suffered a data breach, exposing its source code and sensitive data of 10,000 users.
According to Cybersecurity firm CloudSEK, its AI digital risk platform found a threat actor sharing the source code of Integrated Road Accident Database (iRAD), an initiative of the Ministry of Road Transport and Highways (MoRTH), on a cybercrime forum.
iRAD, funded by the World Bank, aims to improve road safety in the country.
The data breach was detected by the cybersecurity firm on August 2. "Our source was able to obtain the source code, totaling 165 MB in size. Most of the code is written in PHP," says CloudSEK.
"We have found several sensitive assets embedded in the code. The code contained hostnames, database names, and passwords. The usernames and passwords used in the source code were quite simple and could be prone to brute-force attacks with local access to the server," it says.
"We observed that the source code includes references to sms.gov.in, a NIC SMS Gateway that enables government departments to integrate and send citizen-centric SMS to Indian nationals," the cybersecurity firm adds.
Additionally, CloudSEK says the URL embedded in the source code includes fields for username and password, which, if misused, might inadvertently grant unauthorised individuals the ability to send messages to recipients.
The leaked information could be used to gain initial access to the website's infrastructure, the cybersecurity firm says, while further adding that if the leaked passwords are not encrypted, it could enable account takeovers. Commonly used passwords or weak passwords could lead to brute force attacks, CloudSEK claims, adding it would equip malicious actors with the details required to exfiltrate data and maintain persistence.
The data security firm finally suggests implementing a strong password policy and enabling MFA (multi-factor authentication) across logins.
"Patch vulnerable and exploitable endpoints. Monitor for anomalies in user accounts, which could indicate possible account takeovers. Scan repositories to identify exposed credentials and secrets," it advises.
Microsoft to build a new data centre to support Thailand's tec
Microsoft has revealed intentions to construct a regional data centre as w...
SAP launches cloud services to help Indian scaleups innovate m
SAP at SAP unveils now "GROW with SAP for Scaleups," a new cloud service d...
Denodo and Sonata form alliance to unlock data-to-value creati
Denodo and Sonata Information Technology India Limited (SITL) have annou...
Google Play Store will now let users download two apps simulta
Google Play Store now lets users download two apps simultaneously. While a...
SECUREYE SERVICES PVT. LTD.
VERSA NETWORKS INDIA PVT. LTD.
FINOLEX INDUSTRIES LTD.
SECLORE TECHNOLOGY PVT. LTD.
Technology Icons Of India 2023: Ritesh Agarwal
Ritesh Agarwal Founder & CEO of OYO Hotels & Homes-World’s fastest g...
Technology Icons Of India 2023: Harsh Jain
Harsh Jain is an Indian Entrepreneur, the co-founder and CEO of the In...
Technology Icons Of India 2023: Rajiv Srivastava
Rajiv Srivastava is the Managing Director of Redington Group. With 35 ...
Aadhaar: Architecting the World's Largest Biometric Identity System
The Unique Identification Authority of India (UIDAI) is a statutory au...
NIC bridging the digital divide and supporting government in eGovernance
The National Informatics Centre (NIC) is an Indian government departme...
GSTN aims to integrate indirect tax ecosystem on a shared IT infrastructure
Goods and Services Tax Network (GSTN) has built Indirect Taxation plat...
B D SOFTWARE
BD Software is the distributor of IT security solutions in India. The ...
INTEGRA MICRO SYSTEMS PVT. LTD.
Integra is a leading provider of innovative hi-technology products an...
SATCOM INFOTECH PVT. LTD.
Satcom Infotech Pvt. Ltd is a distribution houses in security in India...