The data belongs to Indian Missions in Africa and Europe — Hackers claim they leaked the data because site admins didn’t respond to security alerts.
Hackers using the alias Kapustkiy and Kasimierz posted on twitter that they have managed to access the official websites of the Indian missions in countries including South Africa, Libya, Malawi, Mali, Italy, Switzerland and Romania.
The security breach occurred on Monday and the hacker duo also dumped the data online. Reportedly, the Indian High Commission in South Africa was the first one to be hacked and then Indian embassies in Switzerland and Italy were attacked.
Hackers claim that they both are less than 18 years of age and hail from Netherlands. They prefer to refer to themselves has “grey hats.”
The dumped databases contain crucial information such as admin and login details, email addresses, names, contact numbers and some mission staffers’ passport numbers as well. The data was posted on Pastebin and after some time it was deleted by the site’s administrator.
In an exclusive conversation with HackRead, the hackers revealed that they have access to copies of the data, however, they intend not to leak it online as the reason behind this breach was to give site admins a “wake up” call.
Through this data leak, hackers have allegedly exposed details of Indians living in the above-mentioned countries. According to the data leak, there are currently 161 Indians in South Africa, 305 in Libya, 35 in Switzerland, 14 in Mali, 74 in Malawi and 42 in Romania.
The external affairs ministry has released an official statement explaining that the matter is being investigated. According to the ministry’s representative Vikas Swarup, they were aware of the issue already and were trying to resolve it.
The hacker using the nick Kapustkiy stated that the carried out the hack attack simply because of the “poor security.”
“As the Indian Embassy they need to have better security,” noted the hacker.
The hacker further revealed that various other Indian missions’ websites are also vulnerable to exploitation since their security is also poor. Kapustkiy also narrated the reason behind the weak security of such critically important websites.
“The websites have a SQL vulnerability. Even a six-year-old could breach it” explained Kapustkiy.
SQL vulnerability refers to a flaw that lets any hacker insert malicious files into the database through exploiting the website’s code, utilizing website forms or via email. Through these infected files, the hacker can breach the security of the databases and attain unfettered access.
The hacker also informed that site admins usually overlook these sorts of flaws and end up getting the data exploited: “It’s not hard to fix it. You just have to be aware of such things because most of the time you want to contact them and saying that they have vulnerabilities, they just ignore you.”
They actually wanted website administrators to be more attentive to the inherent vulnerabilities present on their sites so as to prevent such breaches in the future.
“All the actions we made were to force the administrators of the site to get better protection on their websites. It’s very odd that multiple websites of embassies can be exploited with an SQL injection,” stated the other hacker Kasimierz.