
Donor data from narendramodi.in stolen, cyber security firm says it is on sale on dark web

A cyber security firm says that user and donor data of over five lakh people has been stolen from narendramodi.in, the personal website of Prime Minister Modi, and that the details are on sale on the dark web.


Highlights

  • A cyber security firm says data of over five lakh users has been stolen from narendramodi.in.
  • The data is on sale on the dark web, says the company called Cyble.
  • The data includes personal details of users who have donated to the website.

A cyber security firm says that data of over five lakh users has been stolen from narendramodi.in, the personal website of Prime Minister Narendra Modi. The stolen data includes contact information, email IDs and details of over two lakh people who have donated through the website to various funds, including the coronavirus fund. All of this data is on sale on the dark web, says the company, called Cyble.

"There is a high possibility of the data being misused for criminal purposes as it contains personal details of over 570,000 users. This includes PIIs such as Name, Email ID, contact information, etc," the company wrote in a blog post on October 16.

Cyble is a US-based company specialising in real-time cyber threats to websites and organisations.

The company says that cyber criminals apparently obtained the data recently when they breached narendramodi.in, and that they also used it to hack into the website's Twitter account. The incident was reported by Twitter.

"On September 3rd, 2020 Twitter confirmed that the personal Twitter account of Narendra Modi, India's Prime Minister, was hacked," wrote Cyble. "On October 10, Cyble was tipped off that the database of the website is available in the dark web. Subsequently, Cyble acquired and analyzed the data leak, which includes multiple databases. Among the databases leaked, 'cctransactions' and 'users' contain a substantial amount of Personally Identifiable Information (PII) data belonging to the Prime Minister's followers."

Dark web is a term for websites that are either hosted on the Tor network, with URLs ending in .onion, or are not indexed by search engines. Many of these websites host marketplaces where hackers and cyber criminals can buy and sell stolen data or hacking tools.

Cyble says that it earlier notified CERT-In, the government agency responsible for monitoring and countering cyber threats in India, about the breach on narendramodi.in.

While user details being sold on the dark web is alarming enough, Cyble says that the website also leaked details of people who have donated through narendramodi.in.

"Another database which is part of the data leaked showcases details of the financial transaction made by donors for contributing to the fund. This includes non-public data such as bank_ref_no, payment_mode, etc. We estimate that out of 574K users listed on the database, over 292K of them appears to have made donations to the concerned website only. Our analysis further suggests that it includes donations or microdonations for a variety of causes such as COVID-19 Relief, supporting the political party, and other initiatives, e.g. Swachh Bharat," wrote Cyble.

Currently, there is no official update from CERT-In or from narendramodi.in about the breach on the site.
