Yesterday, data breach notification website Leakbase said someone allegedly hacked the Swachhata Platform in India and stole 16 million user records.
Security researchers at CloudSEK , reported the news as they discovered a post by Leakbase sharing data samples containing personally identifiable information (PII), including email addresses, hashed passwords and user IDs.
Earlier this week, an advisory published by CloudSEK reported that 6GB of compromised data from the Swachhata Platform – an initiative in association with the Ministry of Housing and Urban Affairs of India – is being shared via a popular file–hosting platform.
“[Leakbase is] previously known from providing reliable information and data breaches from companies around the world,” wrote CloudSEK. “[Threat actors on the platform] often operate for financial gain and conduct sales on their marketplace forum Leakbase.”
The platform in 2017 was at the center of a massive data breach at Taringa, a Reddit–like social network website for Latin American users.
Further to this, CloudSEK said Leakbase users often offer access to admin panels and servers of several content management systems (CMSs), allegedly gained via unauthorized means and sold for monetary profit.
“This information can be aggregated to further be sold as leads on cybercrime forums,” the company wrote.
In addition, the security experts said the data could be harvested by threat actors to conduct phishing, smishing and social engineering attacks.
In order to mitigate the impact of attacks like this, CloudSEK recommended system administrators to implement a strong password policy and enable multi–factor authentication (MFA) across logins.
It’s recommended that vulnerable and exploitable endpoints should be patched, and user account anomalies that could indicate possible account takeovers monitored regularly.
To conclude, CloudSEK said companies should monitor cybercrime forums to keep up with the latest tactics employed by threat actors.
It appears that the alleged data leak comes days after Optus was hit by a cyber–attack that exposed the data of at least 10,000 Australians.
