LeakBase Announces Swachhata Platform Breached, 16 Million User PII Records Exposed

Yesterday, Leakbase, a website with a data breach notification, reported that someone allegedly hacked the Swachhata platform in India and stole 16 million user records. Cloudsek’s security researchers broke the news when they found a report that sample data containing personal information (PII), including email addresses, hashed passwords and user IDs, had been leaked. Earlier this week, Cloudsek’s consultants reported on an initiative in which 6 GB of compromised data from the Swachhata platform – India’s Ministry of Housing and Urban Affairs – was distributed through the popular file hosting platform. “Previously, [Leakbase] was known to provide reliable leaks of information and data from companies around the world,” CloudSEK wrote. “[Threat actors on the platform] often act for financial gain and sell on the Sunday Leakbase forums.” The platform was at the center of a massive data leak on Taringa, a Reddit-like social networking site for Spanish users, in 2017. In addition, CloudSEK said October that leakbase users often gain access to the admin panels and servers of various content management systems (CMS), which are allegedly taken without permission and sold for monetary gain. “This information can be combined for further sales as potential customers on cybercrime forums,” the company wrote. In October, security experts said the data could be harvested by threat actors to carry out phishing, smishing attacks and social engineering attacks.