A researcher has found a total of 3,202 email IDs belonging to the Indian government and various state organisations on the dark web.
Over the past four years, Sai Krishna Kothapalli has been collecting data found on both the deep web and the dark web, building a database of 1.8 billion email IDs and passwords. Over 85% of the passwords are in plain text; of the rest, some had been stored as hashes that hackers have since cracked ("dehashed").
After analysing the data, Kothapalli found that the 3,202 leaked email IDs belonged to 12 entities: 365 to the Indira Gandhi Centre for Atomic Research (IGCAR), 325 to the Bhabha Atomic Research Centre (BARC) and 157 to the Securities and Exchange Board of India (SEBI).
“What blows my mind is the fact that the top two organisations whose employees’ email IDs and passwords were hacked and are available on the deep web belong to atomic research. I am ruling out coincidence because you can’t have two organisations which deal with atomic research at the top by sheer chance,” said Kothapalli.
Kothapalli added that the number of leaked employee credentials from IGCAR and from BARC is, in each case, more than double the number belonging to SEBI.
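The triage described above (grouping leaked email IDs by organisation and separating plain-text passwords from hashed ones) is easy to reproduce on any combo-list dump. The script below is an added example for this article, not the researcher’s own tooling: the dump lines are constructed for illustration, the domain-to-organisation map is an assumption (the article names the organisations but not their mail domains), and the hash heuristics are the usual length-and-prefix checks.

```python
"""Triage of a credential dump: group leaked email IDs by organisation domain
and classify whether the password field is plain text or a hash.

Added example for this article; not the researcher's own tooling. The dump
lines below are constructed, and the domain-to-organisation map is an
assumption (only the organisation names appear in the article).
"""
import re
from collections import defaultdict

# Constructed sample: "email:password" lines as they appear in typical combo lists.
SAMPLE_DUMP = """\
alice@example-igcar.gov.in:Summer2019!
bob@example-igcar.gov.in:5f4dcc3b5aa765d61d8327deb882cf99
carol@example-barc.gov.in:$2b$12$C6UzMDM.H6dfI/f/IKcEeO7YDOrzvbx5zH1Gyx2c8ZsZcbd6ZyWPm
dave@example-sebi.gov.in:password123
erin@example.com:123456
not-a-valid-line
frank@example-barc.gov.in:e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
grace@example-igcar.gov.in:Winter2020
"""

# Hypothetical mapping from mail domain to organisation (assumption, not from the article).
ORG_DOMAINS = {
    "example-igcar.gov.in": "IGCAR",
    "example-barc.gov.in": "BARC",
    "example-sebi.gov.in": "SEBI",
}

# Hash formats most often seen in dumps. Unsalted hex digests (MD5/SHA-1/SHA-256)
# are what "dehashing" services crack; bcrypt is recognised by its prefix.
# Caveat: a plain-text password that happens to be 32/40/64 hex characters
# would be misclassified as a hash by these heuristics.
HASH_PATTERNS = [
    ("md5", re.compile(r"^[0-9a-f]{32}$", re.I)),
    ("sha1", re.compile(r"^[0-9a-f]{40}$", re.I)),
    ("sha256", re.compile(r"^[0-9a-f]{64}$", re.I)),
    ("bcrypt", re.compile(r"^\$2[abxy]\$\d{2}\$[./A-Za-z0-9]{53}$")),
]


def classify_secret(secret):
    """Return 'plaintext' or the hash type the secret field looks like."""
    for name, pattern in HASH_PATTERNS:
        if pattern.match(secret):
            return name
    return "plaintext"


def parse_dump(text):
    """Yield (email, secret) tuples; skip lines that are not 'email:secret'."""
    for raw in text.splitlines():
        line = raw.strip()
        if ":" not in line:
            continue
        email, secret = line.split(":", 1)  # passwords may themselves contain ':'
        if "@" not in email or not secret:
            continue
        yield email.lower(), secret


def triage(text, org_domains=ORG_DOMAINS):
    """Count leaked IDs per organisation and tally secret types.

    Returns {org: {"count": n, "plaintext": n, "hashed": n, "emails": [...]}}.
    Addresses whose domain is not on the watchlist are grouped under 'other'.
    """
    report = defaultdict(lambda: {"count": 0, "plaintext": 0, "hashed": 0, "emails": []})
    for email, secret in parse_dump(text):
        domain = email.rsplit("@", 1)[1]
        entry = report[org_domains.get(domain, "other")]
        entry["count"] += 1
        entry["emails"].append(email)
        if classify_secret(secret) == "plaintext":
            entry["plaintext"] += 1
        else:
            entry["hashed"] += 1
    return dict(report)


def plaintext_share(report):
    """Fraction of all parsed entries whose secret is plain text."""
    total = sum(e["count"] for e in report.values())
    plain = sum(e["plaintext"] for e in report.values())
    return plain / total if total else 0.0


def ranked(report):
    """Watchlisted organisations ordered by number of leaked IDs, most affected first."""
    orgs = [(o, e["count"]) for o, e in report.items() if o != "other"]
    return [o for o, _ in sorted(orgs, key=lambda x: (-x[1], x[0]))]


if __name__ == "__main__":
    rep = triage(SAMPLE_DUMP)
    for org in ranked(rep):
        print(f"{org}: {rep[org]['count']} IDs, {rep[org]['plaintext']} plain text")
    print(f"plain-text share: {plaintext_share(rep):.0%}")
```

Run against a real dump, the per-organisation email lists are what you hand to each affected organisation for forced password resets, and the plain-text share tells you how much of the exposure is immediately usable without any cracking.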
The researcher found none of these addresses in the “Have I Been Pwned” breach index, which catalogues credentials exposed in known large-scale breaches of third-party services; from that absence he concluded that the credentials were not spilled from a public breach but were harvested through a targeted phishing campaign.
As a result, the affected employees are at risk of account takeover. Additionally, wherever an employee has reused the same username and password on another service or application, attackers can replay the leaked pair there and gain access to those systems as well.
After tweeting his findings, Kothapalli was approached by a reporter allegedly from NDTV: “While talking to the reporter, I got curious and searched for NDTV in the database. Little did I know that another surprise was waiting for me!”
Kothapalli found that the email accounts used to contact him had been compromised and belonged to Barkha Dutt and Ravish Kumar. Hackers had gained access to their Twitter and email accounts three years earlier, with reports at the time attributing the hack to North Korean hackers.
Kothapalli is finishing the investigation and is contacting the respective organisations about his findings.
“It is not just government organisations; many MNCs’ and Indian companies’ credentials have been leaked this way. At this stage, it is super important to be proactive, revoke those credentials and take proper security measures,” Kothapalli added.
The researcher said that two-factor authentication should be made mandatory in organisations, or that they should go further and roll out Universal 2nd Factor (U2F) hardware-token authentication company-wide.
The post #Privacy: Over 3,000 Indian government email IDs on the dark web appeared first on PrivSec Report.