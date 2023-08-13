2 Min Read
According to CloudSEK, the breach exposed the source code of the Integrated Road Accident Database (iRAD) website, leading to the leak of its source code and user data on the Dark Web.
Cybersecurity firm CloudSEK's XVigil AI digital-risk platform reported that the Parivahan website for the integrated road accident database of the ministry of road transport and highways suffered a data breach.
According to CloudSEK, the breach exposed the source code of the Integrated Road Accident Database (iRAD) website, leading to the leak of its source code and user data on the Dark Web.
"CloudSEK has notified the MoRTH about the breach. The firm urges immediate action to secure the iRAD website and safeguard sensitive user data," the company said.
"We discovered sensitive assets embedded within the code, including hostnames, database names, and passwords. The usernames and passwords found in the source code were quite simple and susceptible to brute-force attacks when there's local access to the server," the cybersecurity company stated.
The source code references sms.gov.in, a NIC SMS Gateway used by government departments to send SMS to Indian nationals. The embedded URL in the source code includes fields for usernames and passwords, which if exploited, might give unauthorised individuals the ability to send messages to recipients, CloudSEK noted.
The same threat actor, after exposing the source code, shared a sample dataset of 10,000 user records from a vulnerable API endpoint of the iRAD website on August 7. This data breach was achieved through an SQL injection, underscoring significant vulnerabilities. The leaked dataset contains sensitive information such as user IDs, names, emails, mobile numbers, and passwords.
Upon verification, some mobile numbers and names from the sample dataset were matched via Truecaller. The dataset also included email IDs and clear text passwords of government officials, according to CloudSEK.
(Edited by : Pradeep John)
Check out our in-depth Market Coverage, Business News & get real-time Stock Market Updates on CNBC-TV18. Also, Watch our channels CNBC-TV18, CNBC Awaaz and CNBC Bajar Live on-the-go!
Recommended ArticlesView All
India Independence| A throwback to 1947 — how the year impacted the Indian music industry
Aug 13, 2023 IST4 Min Read
Third Eye | Cigarettes warning on smartphones — health protection is fine, but don’t overkill
Aug 12, 2023 IST5 Min Read
Guide to building an emergency fund: Why it is important and where should you invest?
Aug 12, 2023 IST2 Min Read
Monetary Policy Review | RBI maintains status quo on key policy rates and raises inflation projection
Aug 12, 2023 IST4 Min Read