Cybersecurity firm CloudSEK has reported that the Parivahan website suffered a data breach, leading to the leak of its source code and user data on the Dark Web.
CloudSEK claimed that the breach exposed the source code of the Integrated Road Accident Database (iRAD) website, an initiative by the Ministry of Road Transport and Highways (MoRTH).
The breach, discovered on August 2, involved sharing the code on an underground cybercrime forum, potentially compromising sensitive information and security infrastructure.
"CloudSEK has notified the MoRTH about the breach. The firm urges immediate action to secure the iRAD website and safeguard sensitive user data," the firm said.
Detailed analysis of the leaked source code by CloudSEK uncovered alarming issues. "We discovered sensitive assets embedded within the code, including hostnames, database names, and passwords. The usernames and passwords found in the source code were quite simple and susceptible to brute-force attacks when there's local access to the server," stated the cybersecurity firm.
The source code references sms.gov.in, a NIC SMS Gateway used by government departments to send SMS to Indian nationals. The embedded URL in the source code includes fields for usernames and passwords, which if exploited, might give unauthorized individuals the ability to send messages to recipients, CloudSEK noted.
The same threat actor, after exposing the source code, shared a sample dataset of 10,000 user records from a vulnerable API endpoint of the iRAD website on August 7. This data breach was achieved through an SQL injection, underscoring significant vulnerabilities. The leaked dataset contains sensitive information such as user IDs, names, emails, mobile numbers, and passwords.
Upon verification, some mobile numbers and names from the sample dataset matched via Truecaller. The dataset also included email IDs and clear text passwords of government officials, according to CloudSEK.
Bablu Kumar, Cyber Intelligence Analyst at CloudSEK, explained: "The extraction of source code and an SQL injection wield a power that extends far beyond the surface. These breaches are not mere data breaches; they are gateways to understanding the very essence of a website's business logic. The threat is not limited to the data lost today; it encompasses the potential for more profound impacts, opening doors to realms of sensitive information that we cannot foresee."
3 satellite townships to be developed in Tripura: CM Manik Saha
Addressing the district level workshop on the deliberations of the 4th National Conference of Chief Secretaries at Rajarshi Hall in southern Tripura’s Udaipur, the Chief Minister said that these satellite townships would be developed in a planned manner with all basic facilities.
Assam Police foils drug peddling bid; narcotics worth Rs. 30 crore seized
Assam Police foiled a major drug peddling bid and narcotics worth Rs 30 crore were seized by the security personnel, Chief Minister Himanta Biswa Sarma said on Tuesday.
Country will prosper only when man and women enjoy equal rights: Minister Tinku Roy
The state social welfare and social education minister Tinku Roy on Tuesday chaired a daylong workshop on different schemes of his department and its execution and said that the country can prosper only if men and women enjoys equal rights.
Minister Sudhangshu Das emphasis on piggery to strengthen rural economy and generate employment opportunity
The Animal Resource Development Department minister Sudhangshu Das on Tuesday attended the state level seminar on “Pig Diseases with Special Reference to Classical Swine Fever”, held here at Agartala Rabindra Bhavan
Govt officials are driving force of Tripura’s development: CM Dr Manik Saha
Chief Minister Dr Manik Saha on Tuesday attended the District Level Workshop on the 4th National Conference of Chief Secretaries' deliberations at Rajarshi Hall, in Udaipur and said that government is committed to implementing key takeaways for the welfare of the people of Tripura.
Youth dies after being run over by train
A tragic incident unfolded once again in the D.M. Colony area under the Teliamura Railway Police Station, where a man lost his life after being run over by a train. The deceased has been identified as Ajit Sarkar, a 36-year-old resident of the locality.
Govt aims to transform state into an education hub: CM Manik Saha
Dr. Saha said this while addressing the foundation day celebration of Lipika Dasgupta Memorial School at its premises in East Gakulnagar, Bishalgarh, Sepahijala District.
Five Bangladeshi held with fake Aadhaar cards in Udaipur
The Government Railway Police (GRP) in Udaipur, Gomati district, have detained five Bangladeshi nationals with forged Aadhaar cards after they illegally entered Tripura and attempted to travel to Gujarat in search of work.