Swachh City platform hacked: Swachh.city, an initiative run by the Swachh Bharat Mission in partnership with the Ministry of Housing and Urban Affairs, has been compromised, putting the “critical information” of nearly 1.6 crore (about 16 million) users at risk, cyber-security researchers said on Wednesday.
Researchers were able to access the registered email addresses, password hashes, phone numbers, transmitted OTP information, login IPs, individual user tokens, and browser fingerprints of affected users by examining the data sample the threat actor disclosed on the Dark Web to substantiate his claim.
The Swachhata Platform was breached by the threat actor LeakBase, according to the AI-driven, Singapore-based security firm CloudSEK. Based on its findings, the critical information of approximately 16 million users could end up in the wrong hands.
In underground forums, the adversary is referred to as LeakBase, Chucky, Chuckies, and Sqlrip. According to the researchers, a database containing the Personally Identifiable Information (PII) of 16 million Swachh City platform users, including email addresses, hashed passwords, and user IDs, has been shared.
LeakBase sells data through its Dark Web marketplace for financial gain. In the post, the actor disclosed a 1.25 GB database hosted on a popular file-hosting platform. LeakBase also offers admin-panel access to several content management systems (CMS). According to CloudSEK, once personal details such as phone numbers and email addresses are advertised for sale, their misuse is highly likely.
Threat actors can harvest this information to conduct phishing campaigns that pose as Swachh City breach-notification emails, and to use social engineering to extract further sensitive information. Researchers warned that it could also enable malicious actors to launch sophisticated ransomware attacks, extort victims with the data, and maintain persistence. Cybercrime forums can also resell this aggregated information as leads.
In their advice, the researchers recommend implementing a strong password policy and enabling MFA (multi-factor authentication) across all logins. They also recommend patching vulnerable and exploitable endpoints and monitoring user accounts for anomalies that could indicate account compromise.