Swachhata app, an initiative started by Swachh Bharat Mission in India, has been...
The personal data of 16 million customers of the Swachhata platform, aka Swacch City App, was reportedly exposed in a 6GB data dump by a threat actor going by the moniker LeakBase on BreachForums, a database trade network widely utilized by hackers.
Swachhata, a project accredited by Swachh Bharat Mission, is a mobile and online application that helps municipal corporations across 4041 towns redress residents' grievances and issues nationwide.
User details such as user names, user IDs, email addresses, passwords, phone numbers, information relating to OTPs, and login credentials are among the crucial information that has been compromised.
According to a security researcher's report, unauthorized access to the server has been identified, enabling the threat actor to launch sophisticated ransomware attacks, exfiltrate data, and maintain persistence with a detailed blueprint.
The compromised information might be circulating on various cybercriminal forums, exchanged to serve emerging demand. The exposed details put victims at risk, making them more prone to falling prey to social engineering and phishing attacks.
LeakBase also offers access to admin panels and servers of most Content Management Systems (CMS). _“These accesses are gained through unauthorized means and are sold for monetary profit,”_ they add...
No official update acknowledging this security incident has come from the Ministry of Housing and Urban Affairs, the only governing body of Swachh.
On underground forums, you may find LeakBase, Chucky, Chuckies, and Sqlrip. _"They have a proven track record of giving accurate information in the past. They are also skilled at disseminating data breaches from international corporations"_, according to the [report](https://ke-la.com/six-months-into-breached-the-legacy-of-raidforums/).
LeakBase was a key threat actor on the now-closed RaidForums and ran the website LeakBase.cc, a platform for finding data leaks of all kinds, according to a report by Israeli cybersecurity research powerhouse KELA.
KELA researchers claim that recently, the threat actor has started to _"frequently distribute collections of different databases."_ LeakBase was purportedly shut down in 2017 after receiving criticism from the federal government. LeakBase also distributes hundreds of fresh SQL databases to stores and businesses worldwide.
LeakBase entered the market in March 2022, and as of March 2022, according to its account page on BreachForums, it has already acquired _"God status,"_ a position gained by representatives by selling actual user data that has been stolen from companies or their compromised employees.
The database-selling website Breached is a favorite of hackers, and the KELA investigation claims that LeakBase published a collection of 50 datasets there.
Here is a list of compromised user data exposed during the LeakBase breach:
- Email addresses of users
- Password hashes
- Registered phone numbers
- Transmitted OTP information
- Login IP to the platform
- MAC addresses
- Individual user tokens
- Biometric info
It is safer for users to reset their passwords because neither Swachhata nor the Ministry of Housing and Urban Affairs has released advice. It is advised to activate multi-factor authentication, often abbreviated MFA, and to create a strict password policy.
Users must also patch insecure and exploitable endpoints and keep an eye out for user account anomalies, which are a reliable sign of potential account takeovers.