Tech News Site BGR India Hacked; Employee Data Leaked On Dark Web

Mobile and technology news website BGR India’s website was recently hacked and the data collected from the website has been leaked on the dark web. The data included email IDs, passwords and other information of the former employees of the company.

The hack was first reported by breach monitoring services, Under the Breach. The company reported that the hackers shared the structured query language (SQL) database, which is the standard language for accessing and manipulating databases. The company added that the database was stored in hashed form, but was converted with a function on WordPress.

The company noted that the hackers accessed the data through an unsecured Amazon Web Services (AWS) bucket and one archive that belongs to the BGR’s website in India. Under the Breach also tweeted highlighting data from “Sohini Mitter”, “Dhruv Attri”,“Sachin Pawar” and more such employees.

BleepingComputer.com reported that the full SQL backup from BGR India contained the emails, hashed passwords, usernames and other information from the website. BGR’s internal investigation found that the exposed data belonged to former employees.

It has assured that all the email IDs are now “defunct” and are no longer in use. “We, at BGR India, give safety and data privacy of utmost importance. At no point need any of our users to be worried about their personal data being misused,” the website said.

The hackers have confirmed that the total dump on the dark web contains at least 36K emails and logins from BGR and other websites like Australia-based tradinggame.au.com and Mumbai-based S3 Production.

Data Breaches On A Rise?

According to Nasscom’s Data Security Council of India (DSCI) report, India has been the second most cyberattacks affected country between 2016 to 2018. The report noted that the cost of the data breaches In India has increased by 7.9% since 2017 and the average cost per breach is INR 4,552 ($64).

The cybersecurity wing of India’s Computer Emergency Responses Team (CERT-In) believed that enterprises and startups with unprotected servers are one of the biggest contributors to the data breaches in the country. Last year, OYO, Bounce, Just Dial, Airtel, Nykaa Fashion, Uber, WhatsApp, OnePlus, and others had been subjected to data breaches and cybersecurity attacks along with the government’s Online Health Registration System.

Recently, international carrier SpiceJet was also subjected to a data breach, which compromised the personal details of 1.2 Mn passengers. The personal information included names, phone numbers, email addresses and date of birth.

Note: We at Inc42 take our ethics very seriously. More information about it can be found here.