Hackers hack into Indian Embassy website, leaks sensitive data
Two hackers hailing from Netherlands have claimed to have broken into seven Indian High Commission websites, and published online the login details, passwords and database containing names, passport numbers, email ids and phone numbers of people of Indian origin, media reported on Monday.
According to a report on the hackernews website, security pen-testers by the name of Kapustkiy and Kasimierz have claimed responsibility of the hack and told the website the reason behind the hack was to compel administrators to consider the cyber security of their websites seriously.
The hackers in a Pastebin link shared on their Twitter account have claimed to have hijacked the Indian Embassy websites in Switzerland, Italy, Romania, Mali, South Africa, Libya, and Malawi and leaked personal details of hundreds of Indians which include students studying abroad as well.
The sites upon inspection revealed that they are vulnerable to SQL Injection vulnerability which allows the hacker to inject malicious SQL commands to the web application and steal database containing sensitive information.
“We did it because their security was poor, and several domains related to the Indian Embassy had the same vulnerability. This proves that a lot of people cannot trust the “Embassy.” We hope that this problem will be fixed in the future,” hackers told The Hacker News via email.
The leaked data shows that the targeted websites are so insecure that even user and admin passwords are also stored in plaintext without any hashing mechanism.