A threat actor called LeakBase shared a database containing Personally Identifiable Information (PII), such as email addresses, hashed passwords, user IDs, etc., belonging to 16 million users of the Swachh City platform — swachh.city, an initiative of the Swachh Bharat Mission in association with the Ministry of Housing and Urban Affairs.
The data, which is 1.25 gigabytes in size, was leaked on a popular file-hosting platform and was discovered by CloudSEK’s Threat Intelligence Team.
The hacker usually goes by monikers such as LeakBase, Chucky, Chuckies, and Sqlrip on underground forums. It is understood that LeakBase often operates for financial gain and conducts sales on its marketplace forum, leakbase.cc.
Analysis of the Data
From the data sample that was disclosed by the threat actor to substantiate his claim, researchers were able to assess the following information:
- Registered email addresses
- Password hashes
- Registered phone numbers
- Transmitted OTP information
- Login IP (to the platform)
- MAC addresses from users' systems
- Individual user tokens
- Browser fingerprint information
CloudSEK’s researchers understand that if this information falls into the wrong hands, threat actors can glean and harvest more PII from affected individuals.
LeakBase also offers access to admin panels and servers of most CMS (Content Management Systems). These accesses are gained through unauthorized means and are sold for monetary profit.
What does this mean for affected individuals?
As personal details such as phone numbers and email addresses are advertised for sale, there is a strong possibility of them being used against the users to whom the data belongs.
“This data can be leveraged by other threat actors to conduct large-scale cyber attacks such as phishing, smishing, social engineering, and even identity theft. We recommend that users affected by this leak check for unusual activity on their Swachh.city accounts and other banking and email accounts as well. As a precaution, they should also change their passwords and enable multi-factor authentication,” suggests Rahul Sasi, Co-founder and CEO, CloudSEK.
The leaked data would equip malicious actors with the details required to launch sophisticated ransomware attacks, exfiltrate data, and maintain persistence. This information can be aggregated and sold as leads on cybercrime forums. It can also be used for social engineering and phishing attempts against affected entities or individuals.