Cybersecurity firm CloudSEK has reported that the Parivahan website suffered a data breach, leading to the leak of its source code and user data on the Dark Web.
CloudSEK claimed that the breach exposed the source code of the Integrated Road Accident Database (iRAD) website, an initiative by the Ministry of Road Transport and Highways (MoRTH).
The breach, discovered on August 2, involved sharing the code on an underground cybercrime forum, potentially compromising sensitive information and security infrastructure.
"CloudSEK has notified the MoRTH about the breach. The firm urges immediate action to secure the iRAD website and safeguard sensitive user data," the firm said.
Detailed analysis of the leaked source code by CloudSEK uncovered alarming issues. "We discovered sensitive assets embedded within the code, including hostnames, database names, and passwords. The usernames and passwords found in the source code were quite simple and susceptible to brute-force attacks when there's local access to the server," stated the cybersecurity firm.
The source code references sms.gov.in, a NIC SMS Gateway used by government departments to send SMS to Indian nationals. The embedded URL in the source code includes fields for usernames and passwords, which if exploited, might give unauthorized individuals the ability to send messages to recipients, CloudSEK noted.
The same threat actor, after exposing the source code, shared a sample dataset of 10,000 user records from a vulnerable API endpoint of the iRAD website on August 7. This data breach was achieved through an SQL injection, underscoring significant vulnerabilities. The leaked dataset contains sensitive information such as user IDs, names, emails, mobile numbers, and passwords.
Upon verification, some mobile numbers and names from the sample dataset matched via Truecaller. The dataset also included email IDs and clear text passwords of government officials, according to CloudSEK.
Bablu Kumar, Cyber Intelligence Analyst at CloudSEK, explained: "The extraction of source code and an SQL injection wield a power that extends far beyond the surface. These breaches are not mere data breaches; they are gateways to understanding the very essence of a website's business logic. The threat is not limited to the data lost today; it encompasses the potential for more profound impacts, opening doors to realms of sensitive information that we cannot foresee."
Assam Police destroy poppy valued at Rs 27.20 crore
After Manipur Police, Assam Police also destroyed 170 Bighas (over 56 acres) of poppy cultivation in the Char areas of Goalpara district, officials said on Sunday.
PM Modi virtually attends Maha Kumbhabhishekam of Jakarta Murugan Temple in Indonesia
Prime Minister Narendra Modi on Sunday virtually participated in the Maha Kumbhabhishekam ceremony of Shri Sanathana Dharma Aalayam, also known as the Jakarta Murugan Temple, Indonesia's first-ever temple dedicated to Lord Murugan.
Gender Budget allocation increased to 8.86 pc for FY26 in Union Budget
The share of gender budget allocation in the total Union Budget has increased to 8.86 per cent in FY 2025-26 from 6.8 per cent in FY 2024-25.
Maha Kumbh: BSNL provides free SIMs, uninterrupted communication services in Mela area
From providing free SIM cards to ensuring uninterrupted communication services, Bharat Sanchar Nigam Limited (BSNL) is playing a key role in strengthening the communication infrastructure at the Maha Kumbh 2025, it was announced on Sunday.
Drugs worth Rs 10.80 crore seized in Mizoram, 4 held
Despite stringent border vigil, smuggling of drugs from Myanmar into North-east India, the security forces seized drugs worth Rs 10.80 crore and arrested four drug peddlers in Mizoram, officials said here on Sunday.
At Delhi poll rally, PM Modi promises 'Vikas ka naya Basant' for residents
Prime Minister Narendra Modi on Sunday said that Delhi is set to witness a "Vikas ka Naya Basant" (New spring of development) after the upcoming Assembly elections, comparing it to the seasonal change brought by Basant Panchami.
Custom duties rationalised in Budget to strengthen India’s economy: FM Sitharaman
The Centre has introduced customs duty rationalisation to ensure that the Indian economy becomes aatmanirbhar (self-reliant), Finance Minister Nirmala Sitharaman said in a post-budget interview with NDTV.
10.23 pc capex hike in Budget 2025-26 shows infrastructure remains a priority: FM Sitharaman
Finance Minister Nirmala Sitharaman told NDTV in a post-budget interview that the Government's focus has been on capital expenditure (capex) in the last few years, and now it has also given a huge boost to increasing consumption.