Report: 10,000 Users’ Sensitive Data Exposed on Dark Web After Breach of Government Road Accident Database Website
In a startling revelation, cyber security firm CloudSEK’s XVigil AI digital risk platform has revealed a major data breach of the Ministry of Road Transport and Highways’ integrated road accident database website.
According to CloudSEK, a data breach discovered on August 2nd has exposed the illegal sharing of website source code in an underground cybercrime forum, also known as the dark web. In its report, the cyber security company stated: “Our source managed to obtain the source code, which is a total of 165 megabytes in size. Most of the code is written in PHP.”
“We have found several sensitive contents embedded in the code. The code included hostnames, database names and passwords. The usernames and passwords used in the source code were quite simple and could be vulnerable to brute force attacks with local access to the server,” the report added.
Further investigations into the leaked source code have also revealed that the code contained references to the NIC SMS Gateway GUI portal (sms.gov.in), potentially allowing unauthorized persons to send messages to citizens. The embedded URLs contained fields for usernames and passwords, increasing the risk of unauthorized access.
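The two findings above (credentials hard-coded in PHP source, and gateway URLs carrying username/password query fields) are exactly what a secrets scan catches before code is committed or shipped. The following is an added illustration and not CloudSEK's tooling or the iRAD code: it runs a small scanner over a constructed PHP fragment with made-up hostnames, passwords and an `example.invalid` gateway URL, flags credential-like assignments, extracts URLs whose query strings carry credential parameters, and applies a basic weak-password rule to the secrets it finds.

```python
import re
from urllib.parse import urlsplit, parse_qs

# Constructed sample PHP source (not the leaked code); values are placeholders.
SAMPLE_PHP = r'''
<?php
$db_host = "db.example.internal";
$db_name = "example_db";
$db_user = "admin";
$db_pass = "admin123";
$sms_url = "https://sms.example.invalid/gateway?username=svc&password=pass123&msg=hello";
$debug = true;
'''

# Variable names that usually hold connection details or secrets.
SENSITIVE_NAME = re.compile(
    r'\$(\w*(?:pass|pwd|secret|token|user|host|db_?name)\w*)\s*=\s*["\']([^"\']*)["\']',
    re.IGNORECASE,
)
URL_RE = re.compile(r'https?://[^\s"\']+')
CRED_PARAMS = {"username", "user", "password", "pass", "pwd"}
SECRET_HINT = re.compile(r'pass|pwd|secret|token', re.IGNORECASE)


def find_hardcoded_assignments(source):
    """Return (variable, value) pairs for string literals assigned to sensitive-looking names."""
    return SENSITIVE_NAME.findall(source)


def find_urls_with_credentials(source):
    """Return (url_without_query, sorted credential parameter names) for each URL embedding credentials."""
    hits = []
    for url in URL_RE.findall(source):
        parts = urlsplit(url)
        params = {k.lower() for k in parse_qs(parts.query)}
        cred = sorted(params & CRED_PARAMS)
        if cred:
            # Keep only scheme/host/path so the secret itself is not copied into findings.
            hits.append((f"{parts.scheme}://{parts.netloc}{parts.path}", cred))
    return hits


def is_weak_password(value):
    """Crude rule: short, or missing one of lower/upper/digit classes."""
    if len(value) < 12:
        return True
    classes = [any(c.islower() for c in value),
               any(c.isupper() for c in value),
               any(c.isdigit() for c in value)]
    return not all(classes)


def scan(source):
    """Summarise findings so a reviewer can triage them without seeing the raw secrets."""
    assignments = find_hardcoded_assignments(source)
    weak = [name for name, value in assignments
            if SECRET_HINT.search(name) and is_weak_password(value)]
    return {
        "hardcoded": [name for name, _ in assignments],
        "credential_urls": find_urls_with_credentials(source),
        "weak_secrets": weak,
    }


if __name__ == "__main__":
    for key, val in scan(SAMPLE_PHP).items():
        print(f"{key}: {val}")
```

In a real pipeline the same checks would run as a pre-commit hook or CI step, and the finding for a gateway URL would be "move the credentials to a vault and pass them in a header or body", not just "remove them from the query string", since URLs with query strings also end up in proxy and web-server logs.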
According to the researchers: “On August 7, the same threat actor made another message that shared sample data from 10,000 users of the website. The message also mentions that a structured query language (SQL) injection was used to obtain information from a vulnerable API endpoint, which is still accessible at the time of writing.”
According to the message, the header of the sample data lists fields such as id, office_id, name, email, regno, active, mobile, ps_code, notes, password, username, creator, department_code, role_code, state_code, designation, creation_date, old_password, password_enc, district_code, email_verified and mobile_verified.
“Our source was able to cross-check some of the cell phone numbers and names in the sample data against Truecaller, and they matched. The sample data also includes official email IDs and plain-text passwords,” the report added.
The researchers said the leaked information could be used to gain initial access to the website infrastructure, that account takeovers would be possible if the leaked credentials are not encrypted, and that frequently used or weak passwords could be vulnerable to brute-force attacks. This would give bad actors the information they need to filter the data and keep track of it.
However, CloudSEK said the Ministry of Road Transport was notified of the breach and instructed to take immediate action to secure the iRAD website and protect sensitive user data. ReturnByte has learned that the cyber security company also works closely with CERT-In and informs them about every vulnerability. It is also understood that based on the details of the report shared by CloudSEK, the government has taken the necessary steps.