Hackers have accessed the swachh.city platform, an initiative of the Swachh Bharat Mission in association with the Ministry of Housing and Urban Affairs, India, and may share the data of about 16 million users.
Researchers claim that they assessed registered email addresses, password hashes, registered phone numbers, transmitted OTP information, login IPs, individual user tokens, and browser fingerprint information of the affected users from the data sample on the Dark Web.
The threat intelligence team of AI-driven Singapore-headquartered CloudSEK said the breach of the Swachhata Platform is the handiwork of threat actor LeakBase.
The finding showed that critical information of approximately 16 million users could end up in the wrong hands.
“The adversary, going under the monikers of LeakBase, Chucky, Chuckies, and Sqlrip on underground forums, has shared a database containing Personal Identifiable Information (PII) such as email addresses, hashed passwords, User IDs, etc.,” the researchers noted.
LeakBase often operates for financial gain and conducts sales on its marketplace forum on the Dark Web.
The 1.25 GB database has been disclosed in the post and is hosted on a popular file-hosting platform.
LeakBase also offers access to admin panels and servers of most CMS (content management systems).
This information can be harvested by hackers to conduct phishing, in the form of fake breach notice emails from Swachh City, and social engineering to reveal more sensitive information.
It would equip hackers with the details required to launch sophisticated ransomware attacks, exfiltrate data, and maintain persistence, the researchers warned. This information can also be aggregated and sold as leads on cybercrime forums.