Cyber security researchers on Wednesday found that hackers had compromised the platform, an initiative of the Swachh Bharat Mission in collaboration with the Ministry of Housing and Urban Affairs, which could put the “critical information” of nearly 1.6 crore (about 16 million) users at risk.

From a sample of data disclosed by the threat actor to substantiate its dark web claim, the researchers were able to assess the registered email addresses, password hashes, registered phone numbers, transmitted OTP details, login IP addresses, individual user tokens, and browser fingerprints of affected users.

Singapore-headquartered AI-powered operational threat processing team CloudSEK said the hack of the Swachhata platform was the handiwork of threat actor LeakBase.

The finding revealed that the critical information of approximately 16 million users could have fallen into the wrong hands.

“The adversary, under the pseudonyms LeakBase, Chucky, Chuckies, and Sqlrip on underground forums, shared a database containing personally identifiable information (PII) such as email addresses, hashed passwords, user IDs, etc., allegedly affecting 16 million users of the urban swachh platform,” the researchers noted.

LeakBase often operates for financial gain and conducts sales on its Dark Web forum.

“The 1.25GB database was exposed under the message and was hosted on a popular file hosting platform,” the team said.

LeakBase also offers access to the admin panels and servers of most CMS (content management systems).

“As people's personal data, such as phone numbers and email addresses, is advertised for sale, there is a high possibility that it will be used against them,” CloudSEK said.

Threat actors can use this information for phishing, in the form of fake breach notification emails purporting to come from Swachh City, and for social engineering aimed at getting users to reveal more sensitive information.

Researchers have warned that the leak would give attackers the details they need to launch sophisticated ransomware attacks, steal data and maintain persistence.

This information can also be collected to be sold as leads on cybercrime forums.

“Implement a strong password policy and enable MFA (multi-factor authentication) for all logins. Patch vulnerable and exploitable endpoints and monitor for anomalies in user accounts that may indicate potential account hijacking,” the researchers advised.
