Apparently affecting 16 million members of Swachh City, an Indian complaint redressal portal, a threat actor going by the name of LeakBase has leaked a database including personal information.
According to a report from security company CloudSEK shared with The Hacker News, leaked information includes usernames, email addresses, password hashes, mobile numbers, one-time passwords, last logged-in times, and IP addresses, among other things.
The Swachhata Platform is a component of the Swachh Bharat Mission (Clean India Mission), an all-encompassing effort by the Indian government to “achieve universal sanitation coverage.”
According to Cyble, the database contains 15,835,111 distinct cell numbers and 101,718 unique email addresses, placing consumers at risk for identity theft, phishing, smishing, and social engineering.
According to the cybersecurity company, the hack may have used compromised administrator and non-administrator account credentials that were most likely obtained using a brute-force attack.
The most recent login was seen on May 20, 2022, according to a review of the dataset, which further suggests that the threat actor carried out the exfiltration activities on that day.
It is advised for service users to set up a strong password policy, change their passwords frequently, and enable two-factor authentication.
