Over 3.13 Lakh cybersecurity incidents were reported in 2019 alone, according to the Indian Computer Emergency Response Team (CERT-In), the government agency responsible for tracking and responding to cybersecurity threats.
Here, we take a look at some of the biggest recent cybersecurity attacks and data breaches in India.
BigBasket user data for sale online
Date: October 2020
Impact: 20 million user accounts
Details: User data from online grocery platform BigBasket is for sale in an online cybercrime market, according to Atlanta-based cyber intelligence firm Cyble.
Part of a database containing the personal information of close to 20 million users was available with a price tag of 3 million rupees ($40,000), Cyble said on November 7.
The data comprised names, email IDs, password hashes, PINs, mobile numbers, addresses, dates of birth, locations, and IP addresses. Cyble said it found the data on October 30, and after comparing it with BigBasket users’ information to validate it, reported the apparent breach to BigBasket on November 1.
Unacademy learns lesson about security
Date: May 2020
Impact: 22 million user accounts
Details: Edutech startup Unacademy disclosed a data breach that compromised the accounts of 22 million users. Cybersecurity firm Cyble revealed that usernames, emails addresses and passwords were put up for sale on the dark web.
Founded in 2015, Unacademy is backed by investors including Facebook, Sequoia India and Blume Ventures.
Hackers steal healthcare records of 6.8 million Indian citizens
Date: August 2019
Impact: 68 lakh patient and doctor records
Details: Enterprise security firm FireEye revealed that hackers have stolen information about 68 lakh patients and doctors from a health care website based in India. FireEye said the hack was perpetrated by a Chinese hacker group called Fallensky519.
Furthermore, it was revealed that healthcare records were being sold on the dark web – several being available for under USD 2000.
Local search provider JustDial exposes data of 10 crore users
Date: April 2019
Impact: personal data of 10 crore users released
Details: Local search service JustDial faced a data breach on Wednesday, with data of more than 100 million users made publicly available, including their names, email ids, mobile numbers, gender, date of birth and addresses, an independent security researcher said in a Facebook post.
SBI data breach leaks account details of millions of customers
Date: January 2019
Impact: three million text messages sent to customers divulged
Details: An anonymous security researcher revealed that the country’s largest bank, State Bank of India, left a server unprotected by failing to secure it with a password.
The vulnerability was revealed to originate from ‘SBI Quick’ – a free service that provided customers with their account balance and recent transactions over SMS. Close to three million text messages were sent out to customers.
Copyright © 2020 IDG Communications, Inc.