Info-tech

French hacker discloses ‘security issue’ in Modi’s website

Hemani Sheth Mumbai | Updated on October 23, 2020 Published on October 23, 2020

A French hacker who goes by the alias ‘Elliot Alderson’ (a nod to the TV series, Mr. Robot) on Thursday flagged a security issue in Prime Minister Narendra Modi’s website.

“Hi @narendramodi, A security issue has been found in your website. Can you contact me asap to fix the issue? Regards, cc @PMOIndia @IndianCERT,” Alderson tweeted.

Alderson then added that he had established contact with the team that handles the website and had disclosed the issue to them.

“10 minutes after this tweet, a contact has been established with the @narendramodi website team and the issues has been disclosed,” he tweeted.

Though he did not disclose the exact issue with the website, Alderson had tweeted that it was related to an alleged data leak from the website.

Last week, cybersecurity firm Cyble had claimed that personal data of over 5,70,000 users had been leaked on the dark web. The firm said it had been tipped off about the leak and was able to acquire and analyse the data.

Watch | PM Modi’s personal website hacked

According to Cyble’s report, the leak contained multiple databases, some of which (‘cctransactions’ and ‘users’) contained a “substantial” amount of personally identifiable information (PII) data belonging to Modi’s followers.

This information includes Name, Email ID, contact information, etc.

The data also contained details of various donations made by users including non-public data such as bank_ref_no, payment_mode, etc.

“We estimate that out of 574,000 users listed on the database, over 292,000 of them appear to have made donations to the concerned website only,” Cyble had said in its report.

Last month, the personal Twitter account of Modi had been hacked. The micro-blogging platform had confirmed the hack following a series of tweets from PM Modi’s account asking followers to donate to the PM’s National Relief Fund using cryptocurrency.

“Cyble subsequently investigated the threat and noted that the breach was due to an account linked to the website of narendramodi.in. On September 3, Cyble notified CERT-India that the Twitter account was compromised through the website’s configuration (example access_token) linked with Twitter,” it said.

There had been no official response to the alleged data leak on the dark web.

ALSO READ: Government denies hacker’s claims of security breach in Aarogya Setu app

Follow us on Telegram, Facebook, Twitter, Instagram, YouTube and Linkedin. You can also download our Android App or IOS App.

Published on October 23, 2020
This article is closed for comments.
Please Email the Editor