Sourajeet
Security Researcher
Jan 13 · 14 tweets · 10 min read
🧵 How a misconfig let anyone view PII of Covid-19 patients and modify data related to Covid-19 sero survey (Of Haryana)

So, the Govt Of Haryana has 2 state projects under the @_DigitalIndia programme called:
1. Covid Sample Report Portal
2. Covid-19 Sero Survey Portal

(1/13) According to official docs, the first portal is used to store COVID-19 testing details uploaded by all COVID-19 laboratories (public or private) for effective monitoring directly by @cmohry

Source: negd.gov.in/sites/default/…

(2/13)
#infosec #bugbounty #hacking
Apr 18, 2021 · 4 tweets · 3 min read
Bad day for #job seekers 🤦
@wisdom_jobs which is one of the three major job portals in #India has allegedly been breached and login credentials of around 238K+ of its users have been made public for free by hackers on #telegram and #hacking forums :(
(1/4)
@sanjg2k1 @IndianCERT The login credentials which the hackers have made public include email address & Base64 encoded passwords, which literally just take 2 secs to decode, and I have personally verified that almost all of them are working credentials 🥴
(2/4)
Apr 17, 2021 · 6 tweets · 6 min read
NOT AGAIN! A member of a #hacking forum has allegedly breached @dominos_india and got access to 13TB of internal files (from 2015-21), which he threatens to sell if a #ransom of 50 BTC is not paid 😨
#india #databreach #infosys #gdpr #privacy
(1/5) Acc to him, he has internal files of 250 employees from IT, Legal, Finance, Marketing, Operations etc. Also customers' details and 180M order details (name, ph number, email, delivery address, payment details) and 1M credit cards used to purchase on the @dominos app.
(2/5)