New Delhi: Cybersecurity firm CloudSEK has reported that the Parivahan website suffered a data breach, leading to the leak of its source code and user data on the Dark Web.
CloudSEK claimed that the breach exposed the source code of the Integrated Road Accident Database (iRAD) website, an initiative by the Ministry of Road Transport and Highways (MoRTH).
The breach, discovered on August 2, involved sharing the code on an underground cybercrime forum, potentially compromising sensitive information and security infrastructure.
“CloudSEK has notified the MoRTH about the breach. The firm urges immediate action to secure the iRAD website and safeguard sensitive user data,” the firm said.
Detailed analysis of the leaked source code by CloudSEK uncovered alarming issues. “We discovered sensitive assets embedded within the code, including hostnames, database names, and passwords. The usernames and passwords found in the source code were quite simple and susceptible to brute-force attacks when there’s local access to the server,” stated the cybersecurity firm.
The source code references sms.gov.in, a NIC SMS Gateway used by government departments to send SMS to Indian nationals. The embedded URL in the source code includes fields for usernames and passwords, which if exploited, might give unauthorized individuals the ability to send messages to recipients, CloudSEK noted.
The same threat actor, after exposing the source code, shared a sample dataset of 10,000 user records from a vulnerable API endpoint of the iRAD website on August 7. This data breach was achieved through an SQL injection, underscoring significant vulnerabilities. The leaked dataset contains sensitive information such as user IDs, names, emails, mobile numbers, and passwords.
Upon verification, some mobile numbers and names from the sample dataset matched via Truecaller. The dataset also included email IDs and clear text passwords of government officials, according to CloudSEK.
Bablu Kumar, Cyber Intelligence Analyst at CloudSEK, explained: “The extraction of source code and an SQL injection wield a power that extends far beyond the surface. These breaches are not mere data breaches; they are gateways to understanding the very essence of a website’s business logic. The threat is not limited to the data lost today; it encompasses the potential for more profound impacts, opening doors to realms of sensitive information that we cannot foresee.”
