India's official portal for communicating with its expatriate community, the Global Pravasi Rishta Portal, leaked private information, including names and passport numbers.
The site revealed user names, last names, country of residence, email addresses, occupation status, phone numbers, and passport numbers in plaintext. Poor security procedures, such as a lack of authentication techniques, made the leak conceivable. 30 million Indian expats worldwide are intended to be connected by the Global Pravasi Rishta Portal. The organisation in charge of carrying out foreign policy in India is the Ministry of External Affairs.
The portal serves as a communication channel for the Ministry of External Affairs, Indian Missions, and the Indian diaspora. The English translation of Pravasi Rishta is "expatriate partnerships." The Ministry of External Affairs has been contacted by the Cybernews team to let it know about the leak. Though we didn't hear back from them, the security flaw was eventually resolved.
About the theft:
Passport numbers being revealed is a rare situation that significantly increases consumer danger.
2020 saw the disclosure by Marriott International of a data breach that exposed information on more than five million hotel guests, including their passport numbers. The passport numbers of 20,000 users of Air Canada's mobile app were exposed due to a compromise that occurred in 2018.
Even if identity theft is unlikely, the team asserts that it is possible if a passport number is disclosed to threat actors.
"Passport information could be exploited for other sorts of fraud when combined with other disclosed data. Users of the platform should monitor their credit history and file, utilise multi-factor authentication, and use secure passwords, according to researchers.
The information was made available through the website's edit feature, where anyone may access the edit information for any user on the site by altering the URL. In other words, while altering the user ID in the URL leads to another user's account, only one registered user is required to access all of them.
Please do not enter any spam link in the comment box.