Govt’s Road Accident Database Website Breached, 10K User Sensitive Data Exposed on Dark Web: Report – News18

Published: August 12, 2023
Examination of the leaked source code unveiled that it contained references to the NIC SMS Gateway GUI portal, potentially granting unauthorised individuals the ability to send messages to citizens. (Representational image: News18)

Cybersecurity firm CloudSEK said the breach, which was discovered on August 2, has unveiled the illicit sharing of the source code of the website of the ministry of road transport and highways.

In a startling revelation, cybersecurity firm CloudSEK’s XVigil AI digital-risk platform has brought to light a major breach involving the website for the integrated road accident database of the ministry of road transport and highways.

According to CloudSEK, the breach, which was discovered on August 2, has unveiled the illicit sharing of the source code of the website on an underground cybercrime forum, also known as the dark web. In its report, the cybersecurity firm stated: “Our source was able to obtain the source code, totalling 165 MB in size. Most of the code is written in PHP.”

“We have found several sensitive assets embedded in the code. The code contained hostnames, database names, and passwords. The usernames and passwords used in the source code were quite simple and could be prone to brute-force attacks with local access to the server,” the report added.

Further examination of the leaked source code has also unveiled that the code contained references to the NIC SMS Gateway GUI portal (sms.gov.in), potentially granting unauthorised individuals the ability to send messages to citizens. Embedded URLs contained fields for usernames and passwords, raising the spectre of unauthorised access.

According to the researchers: “On August 7, the same threat actor made another post sharing a sample dataset of the 10,000 users of the website. The post also mentions that structured query language (SQL) injection was used to obtain the data from the vulnerable API endpoint, which at the time of writing the report, is still accessible.”

As per the post, the header contains details like id, office_id, name, email, regno, active, mobile, ps_code, remarks, password, username, created by, dept_code, role_code, state_code, designation, created_date, old_password, password_enc, district_code, email_verified, mobile_verified.

“Our source could verify some of the mobile numbers and the names mentioned in the sample dataset against Truecaller and they matched. The sample data also contains government officials’ email IDs and clear text passwords,” the report added.

The researchers said the leaked information is likely to be used to gain initial access to the website’s infrastructure. Account takeovers may be possible if the leaked credentials are not encrypted, and passwords that are commonly used or weak may be vulnerable to brute-force attacks. This would provide bad actors with the information they need to exfiltrate data and maintain persistence.

CloudSEK, however, said the road transport ministry was informed about the breach and was urged to take immediate action to secure the iRAD website and safeguard sensitive user data. News18 has learnt that the cybersecurity firm works closely with CERT-In and usually informs it about every vulnerability. It is also understood that, based on the details of the report shared by CloudSEK, the government has taken necessary actions.

Source website: www.news18.com