Recently, seven different Indian embassy websites have undergone a data security breach. Surprisingly, the nationalists are not to blame, nor are the hacktivists. The guilt lies on the penetration testers, who, according to their words, wanted the government to pay attention to the issues with their websites.
As a result of these data security breaches, personal records of several Indian citizens were exposed, as well as those of students who are living abroad.
Specifically, 500 Indian citizens were compromised, and their personal data ended up on Pastebin. The personal data includes phone numbers, email addresses, names, and passport details.
Typically, these types of cyber-attacks aimed at embassies tend to involve hackers from another country, like demonstrated by the example of Turkish cyber-criminals attacking the web properties of Russia’s Israel-based embassy as in January 2016.
However, the latest embassy attacks appear to be unrelated to international conflict of any sort, as it appears to be more of an IT security test.
The hackers behind the Indian embassy attacks are known as Kapustkiy and Kasimierz. They managed to compromise their country’s defences by using an SQL injection method. After that, they proceeded to steal the sensitive information from the compromised web app. Incidentally, they also discovered the usernames and passwords were stored in a plain text file, without using any kind of hashing.
The hackers responsible for the breach claim the intention of their doing so was to draw more intention to the IT security of the compromised websites. According to them, they did not leak any zip codes or real addresses.