LeakBase: India Swachhata Platform Breached, 16 Million User PII Records Exposed

    The data breach notification website Leakbase said someone allegedly hacked the Swachhata Platform in India and stole 16 million user records.

    The news comes from security researchers at CloudSEK, who discovered a post by Leakbase sharing data samples containing personally identifiable information (PII), including email addresses, hashed passwords and user IDs.

    According to an advisory published by CloudSEK earlier today, 6GB of compromised data from the Swachhata Platform – an initiative in association with the Ministry of Housing and Urban Affairs of India – is being shared via a popular file-hosting platform.

    “[Leakbase is] previously known from providing reliable information and data breaches from companies around the world,” wrote CloudSEK. “[Threat actors on the platform] often operate for financial gain and conduct sales on their marketplace forum Leakbase.”

    Back in 2017, the platform was at the center of a massive data breach at Taringa, a Reddit-like social network website for Latin American users.

    Further, CloudSEK said Leakbase users often offer access to admin panels and servers of several content management systems (CMSs), allegedly gained via unauthorized means and sold for monetary profit.

    “This information can be aggregated to further be sold as leads on cybercrime forums,” the company wrote.

    Additionally, the security experts said the data could be harvested by threat actors to conduct phishing, smishing and social engineering attacks.

    To mitigate the impact of attacks like this, CloudSEK recommended that system administrators implement a strong password policy and enable multi-factor authentication (MFA) across logins.

    Vulnerable and exploitable endpoints should be patched, and user account anomalies that could indicate possible account takeovers should be monitored regularly.

    Finally, CloudSEK said companies should monitor cybercrime forums to keep up with the latest tactics employed by threat actors.

    The alleged data leak comes days after Optus was hit by a cyber-attack that exposed the data of at least 10,000 Australians.