A threat named LeakBase shared a database containing personal information that allegedly affected 16 million users of Swachh City, an Indian complaint settlement platform.
Leaked details include usernames, email addresses, password hashes, mobile phone numbers, one-time passwords, last logins and IP addresses, among others, according to a report. Report is confidential company CloudSEK shared with The Hacker News.
The website is currently inaccessible.
The Swachhata platform is part of the Indian government’s national initiative Swachh Bharat Mission to “achieve universal coverage of sanitation.”
According to Cyble, the database includes 101,718 unique email addresses and 15,835,111 unique mobile phone numbers, putting users at risk for phishing, phishing, social engineering, and identity theft.
Company network security states that the breach could take advantage of compromised credentials belonging to admin and non-admin accounts, potentially obtained with a brute force attack.
An analysis of the dataset also shows that the most recent login was observed on May 20, 2022, indicating that the threat agent performed the intrusion on that date.
Service users are advised to implement a strong password policy, rotate passwords, and enable two-factor authentication.