It seems the swachh.city platform had been hacked and critical information of nearly 16 million users is at risk. The data of these users is now up for sale on the dark web. The threat intelligence team of CloudSEK tested the sample data and found that leaked data includes email addresses, password hashes, registered phone numbers, OTP information, login IPs, individual user tokens, and browser fingerprint information.
The data was posted for sale by a hacker with the handle LeakBase. He often puts data and cracked accounts on sale for financial gain. This time he has posted the 6GB data dump (1.25GB in compressed form) of Swachh.city platform.
The Swachh.city platform is an initiative of the Swachh Bharat Mission. The platform helps municipal corporations address complaints and grievances of citizens in the country.
This information can be used to perform phishing and social engineering attacks against users and harm them. If you ever entered your information on swachh.city platform. You need to take extra care and avoid clicking on links from unknown senders.
