A cyber security firm alleges that data of over five lakh users has been stolen from narendramodi.in, the personal website of Prime Minister Narendra Modi. The stolen data includes contact information, email IDs and details of over two lakh people who have donated through the website to various funds, including the coronavirus fund, and all of this data is on sale on the dark web, claims Cyble, a cyber security firm.
The Prime Minister’s office has not commented on the report. We have asked the PMO for a response. The copy will be updated when we receive a response.
“There is a high possibility of the data being misused for criminal purposes as it contains personal details of over 570,000 users. This includes PIIs such as Name, Email ID, contact information, etc,” the company alleged in a blog post on October 16.
Cyble is a US-based company specialising in real-time cyber threats to websites and organisations.
The company alleges that cyber criminals apparently obtained the data recently when they breached narendramodi.in, and that they also used it to hack into the website's Twitter account. That incident was reported by Twitter.
“On September 3rd, 2020 Twitter confirmed that the personal Twitter account of Narendra Modi, India’s Prime Minister, was hacked,” wrote Cyble. “On October 10, Cyble was tipped off that the database of the website is available in the dark web. Subsequently, Cyble acquired and analyzed the data leak, which includes multiple databases. Among the databases leaked, ‘cctransactions’ and ‘users’ contain a substantial amount of Personally Identifiable Information (PII) data belonging to the Prime Minister’s followers.”
Dark web is a term for websites that are either hosted on the Tor network, with URLs ending in .onion, or are not indexed by search engines. Many of these websites host marketplaces where hackers and cyber criminals can buy and sell stolen data or hacking tools.
Cyble claims that it earlier notified CERT-India, which is the government agency responsible for monitoring and countering cyber threats in India, about the alleged breach on narendramodi.in.
Cyble also alleges that the website leaked details of people who have donated through narendramodi.in.
“Another database which is part of the data leaked showcases details of the financial transaction made by donors for contributing to the fund. This includes non-public data such as bank_ref_no, payment_mode, etc. We estimate that out of 574K users listed on the database, over 292K of them appear to have made donations to the concerned website only. Our analysis further suggests that it includes donations or microdonations for a variety of causes such as COVID-19 Relief, supporting the political party, and other initiatives, e.g. Swachh Bharat,” wrote Cyble.
Currently, there is no official update from CERT-In or from the narendramodi.in website denying or confirming the alleged breach of the site.