Government's Parivahan website user data reportedly exposed on dark web
By MYBRANDBOOK
The government's Parivahan website has likely suffered a data breach, exposing its source code and sensitive data of 10,000 users.
According to Cybersecurity firm CloudSEK, its AI digital risk platform found a threat actor sharing the source code of Integrated Road Accident Database (iRAD), an initiative of the Ministry of Road Transport and Highways (MoRTH), on a cybercrime forum.
iRAD, funded by the World Bank, aims to improve road safety in the country.
The data breach was detected by the cybersecurity firm on August 2. "Our source was able to obtain the source code, totaling 165 MB in size. Most of the code is written in PHP," says CloudSEK.
"We have found several sensitive assets embedded in the code. The code contained hostnames, database names, and passwords. The usernames and passwords used in the source code were quite simple and could be prone to brute-force attacks with local access to the server," it says.
"We observed that the source code includes references to sms.gov.in, a NIC SMS Gateway that enables government departments to integrate and send citizen-centric SMS to Indian nationals," the cybersecurity firm adds.
Additionally, CloudSEK says the URL embedded in the source code includes fields for username and password, which, if misused, might inadvertently grant unauthorised individuals the ability to send messages to recipients.
The leaked information could be used to gain initial access to the website's infrastructure, the cybersecurity firm says, while further adding that if the leaked passwords are not encrypted, it could enable account takeovers. Commonly used passwords or weak passwords could lead to brute force attacks, CloudSEK claims, adding it would equip malicious actors with the details required to exfiltrate data and maintain persistence.
The data security firm finally suggests implementing a strong password policy and enabling MFA (multi-factor authentication) across logins.
"Patch vulnerable and exploitable endpoints. Monitor for anomalies in user accounts, which could indicate possible account takeovers. Scan repositories to identify exposed credentials and secrets," it advises.
BREAKING NEWS
TECHNO TRENDS
Microsoft to build a new data centre to support Thailand's tec
Microsoft has revealed intentions to construct a regional data centre as w...
SAP launches cloud services to help Indian scaleups innovate m
SAP at SAP unveils now "GROW with SAP for Scaleups," a new cloud service d...
Denodo and Sonata form alliance to unlock data-to-value creati
Denodo and Sonata Information Technology India Limited (SITL) have annou...
Google Play Store will now let users download two apps simulta
Google Play Store now lets users download two apps simultaneously. While a...
E-Magazine
TECHNOTAINMENT
ED attaches Raj Kundra, Shilpa Shetty’s Rs 97 crore worth as
The Enforcement Directorate (ED) has seized businessman Raj Kundra's pro
Salman Khan trolled for singing with B Praak at Anant Ambani's
To celebrate Mukesh Ambani's youngest son Anant Ambani’s 29th birthday
MOVERS & SHAKERS
DigiCert names Atri Chatterjee as CMO
DigiCert has announced the appointment of Atri Chatterjee as Chief Market
Amagi names its Chief Product Officer
Amagi announced the appointment of Richard Perkett as its Chief Product Of
OPEN YOUR EYES
INTERVIEWS
AMD Pensando innovation CONTINUES
In 2022, AMD announced its acquisition of Pensando Systems, an addition to
CommScope celebrates its 25 years of legacy in India by contin
A strong brand must also reflect the company values and speak exactly what
HOT PICK
COLORFUL rolls out an array of gaming laptops
COLORFUL launched its incredible series of COLORFUL EVOL P15 gaming laptop
Dell Technologies launches new AI-powered commercial PC portfo
Dell Technologies has launched the broadest portfolio of commercial AI lap
MAKE IN INDIA BRANDS
SECUREYE SERVICES PVT. LTD.
VERSA NETWORKS INDIA PVT. LTD.
FINOLEX INDUSTRIES LTD.
SECLORE TECHNOLOGY PVT. LTD.
EMINENT CIO'S OF INDIA
ICONS OF INDIA
Technology Icons Of India 2023: Ritesh Agarwal
Ritesh Agarwal Founder & CEO of OYO Hotels & Homes-World’s fastest g...
Technology Icons Of India 2023: Harsh Jain
Harsh Jain is an Indian Entrepreneur, the co-founder and CEO of the In...
Technology Icons Of India 2023: Rajiv Srivastava
Rajiv Srivastava is the Managing Director of Redington Group. With 35 ...
PARTNER SPEAKERS
PSU
Aadhaar: Architecting the World's Largest Biometric Identity System
The Unique Identification Authority of India (UIDAI) is a statutory au...
NIC bridging the digital divide and supporting government in eGovernance
The National Informatics Centre (NIC) is an Indian government departme...
GSTN aims to integrate indirect tax ecosystem on a shared IT infrastructure
Goods and Services Tax Network (GSTN) has built Indirect Taxation plat...
VIDEOS
Top 25 Brands
Value-Added Distribution
B D SOFTWARE
BD Software is the distributor of IT security solutions in India. The ...
INTEGRA MICRO SYSTEMS PVT. LTD.
Integra is a leading provider of innovative hi-technology products an...
SATCOM INFOTECH PVT. LTD.
Satcom Infotech Pvt. Ltd is a distribution houses in security in India...
ITFORUM 2024
WIITF 2024
CMO of the Year
WOMEN LEADERSHIP
EMINENT CIO's OF INDIA
TRENDS IN TECHNOLOGY
MORE VIDEOS
ADVERTISEMENTS
TECHNOLOGY DISRUPTION
UNICORNS REVOLUTIONISING
