Government's Parivahan website user data reportedly exposed on dark web
By MYBRANDBOOK
The government's Parivahan website has likely suffered a data breach, exposing its source code and sensitive data of 10,000 users.
According to Cybersecurity firm CloudSEK, its AI digital risk platform found a threat actor sharing the source code of Integrated Road Accident Database (iRAD), an initiative of the Ministry of Road Transport and Highways (MoRTH), on a cybercrime forum.
iRAD, funded by the World Bank, aims to improve road safety in the country.
The data breach was detected by the cybersecurity firm on August 2. "Our source was able to obtain the source code, totaling 165 MB in size. Most of the code is written in PHP," says CloudSEK.
"We have found several sensitive assets embedded in the code. The code contained hostnames, database names, and passwords. The usernames and passwords used in the source code were quite simple and could be prone to brute-force attacks with local access to the server," it says.
"We observed that the source code includes references to sms.gov.in, a NIC SMS Gateway that enables government departments to integrate and send citizen-centric SMS to Indian nationals," the cybersecurity firm adds.
Additionally, CloudSEK says the URL embedded in the source code includes fields for username and password, which, if misused, might inadvertently grant unauthorised individuals the ability to send messages to recipients.
The leaked information could be used to gain initial access to the website's infrastructure, the cybersecurity firm says, while further adding that if the leaked passwords are not encrypted, it could enable account takeovers. Commonly used passwords or weak passwords could lead to brute force attacks, CloudSEK claims, adding it would equip malicious actors with the details required to exfiltrate data and maintain persistence.
The data security firm finally suggests implementing a strong password policy and enabling MFA (multi-factor authentication) across logins.
"Patch vulnerable and exploitable endpoints. Monitor for anomalies in user accounts, which could indicate possible account takeovers. Scan repositories to identify exposed credentials and secrets," it advises.
Tata to come up with 2 more Semiconductor factories in Gujarat
In order to meet demand for chips both domestically and internationally, T...
Bharti Airtel to reportedly reinvest in 4G gear from Ericsson,
Bharti Airtel is issuing orders worth around $1 billion to Ericsson, Nok...
Lenovo commences AI-enabled GPU server manufacturing and launc
Lenovo announced the establishment of high-performance AI server manufactu...
IBM expands its FinOps portfolio with acquisition of Kubecost
IBM has acquired Kubecost, a leading FinOps startup specializing in Kuber...
ALPHAMAX TECHNOLOGIES PVT. LTD.
HP INDIA SALES PVT. LTD.
TALLY SOLUTIONS PVT. LTD.
DELL TECHNOLOGIES INDIA PVT. LTD.
ICONS OF INDIA : RAJIV MEMANI
As Chair of the EY Global Emerging Markets Committee, Rajiv connects e...
ICONS OF INDIA : S KRISHNAN
S Krishnan as the secretary for the electronics and information techno...
Icons Of India : Kumar Mangalam Birla
Aditya Birla Group chairman Kumar Mangalam Birla recently made a comeb...
BEL - Bharat Electronics Limited
BEL is an Indian Government-owned aerospace and defence electronics co...
TCIL - Telecommunications Consultants India Limited
TCIL is a government-owned engineering and consultancy company...
GeM - Government e Marketplace
GeM is to facilitate the procurement of goods and services by various ...
Indian Tech Talent Excelling The Tech World - RAVI KUMAR S, CEO- Cognizant
Ravi Kumar S, appointed as CEO of Cognizant in January 2023, sets the ...
Indian Tech Talent Excelling The Tech World - ARVIND KRISHNA, CEO – IBM
Arvind Krishna, an Indian-American business executive, serves as the C...
Indian Tech Talent Excelling The Tech World - Thomas Kurian, CEO- Google Cloud
Thomas Kurian, the CEO of Google Cloud, has been instrumental in expan...