Data from Prime Minister Narendra Modi’s website was allegedly leaked on the dark web. According to a report, the leaked data includes a “substantial amount” of personally identifiable information for thousands of people, including names, email addresses, and mobile phone numbers. The latest development comes just over a month after the Twitter account of Prime Minister Narendra Modi’s website was hacked. Several tweets were posted at the time, asking people to donate cryptocurrencies to the PM’s National Aid Fund.
Cybersecurity firm Cyble claimed that it was informed on October 10 that databases on the prime minister’s website, Narendramodi.in, were available on the dark web. In analyzing the data breach, the company allegedly found personally identifiable information on more than 5,74,000 users, and more than 2,92,000 of them appeared to have made donations through the website.
India’s Computer Emergency Response Team (CERT-In) did not immediately respond to a request for comment on the matter. There is also no official statement in response to the alleged leak on the Dark Web.
We were unable to verify the data leak independently. We asked Cyble about the reason for the leak. In response, the firm’s CEO, Beenu Arora, said: “The exact reason for this leak is unknown; however, many of the leaks, in general, occur through monetization. In our opinion, given the website’s seriousness, we recommend to the relevant authorities that they further strengthen their applications’ security posture, especially third parties.”
Financial transaction data of Bharatiya Janata Party (BJP) contributors
One of the leaked databases includes details of financial transactions by donors contributing to the ruling Bharatiya Janata Party (BJP) through the Prime Minister’s site. Some screenshots were shared with us, highlighting details including donor names, email addresses, mobile phone numbers, and payment modes.
“With such a large repository of unauthorized personal information from Indian citizens, the data has the potential to be misused for malpractices such as phishing emails, spam text messages, etc.,” the firm said in a blog post.
Based on the company’s initial research, the databases on the Narendramodi.in website could have been pulled from instances hosted on AWS and related to its subdomains.
According to the analysis, it is likely that the bad actor who put the data on the dark web also accessed other documents and files on the Prime Minister’s website. The website breach allegedly resulted in the compromise of his Twitter account early last month. Cyble noted in the blog post that it informed CERT-In that the Twitter account was compromised through Twitter’s website settings.