Security Breaches On The Rise: Sulekha, Sify, TimesofMoney, ShareKhan

(by Anupam Saxena and Nikhil Pahwa)

Update: Sulekha CEO Satya Prabhakar has sent us the following statement: “Sulekha has recently introduced a feature in one of our services where our local business customers can upload photos for promoting their businesses. The utility that we used for allowing this self uploads mistakenly permitted the uploading of HTML files. This loophole was exploited briefly to put up an HTML page on one service homepage of Sulekha. This was promptly diagnosed and rectified. Our investigation has revealed that no user or customer data was compromised and the breach was isolated to one part of our site only. We are undertaking a thorough investigation and strengthening our protocols to prevent this from happening again.”
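The class of flaw described in the statement, a photo uploader that also accepts HTML, is usually closed with an allow-list check on both the file extension and the leading bytes of the content. The sketch below is an added example, not Sulekha's code; the function name `accept_photo`, the allowed types and the sample inputs are assumptions constructed for illustration.

```python
import os
import secrets

# Allow-list: extension -> test on the file's leading bytes (magic numbers).
SIGNATURES = {
    ".jpg": lambda b: b.startswith(b"\xff\xd8\xff"),
    ".jpeg": lambda b: b.startswith(b"\xff\xd8\xff"),
    ".png": lambda b: b.startswith(b"\x89PNG\r\n\x1a\n"),
    ".gif": lambda b: b[:6] in (b"GIF87a", b"GIF89a"),
}

def accept_photo(filename, data):
    """Return (True, server_side_name) or (False, reason) for an upload."""
    # Drop any client-supplied directory part; only the final extension counts,
    # so "photo.png.html" is judged as ".html".
    name = os.path.basename(filename.replace("\\", "/"))
    ext = os.path.splitext(name)[1].lower()
    if ext not in SIGNATURES:
        return False, "extension not on image allow-list"
    # The bytes must match the declared type, so HTML renamed to .jpg fails.
    if not SIGNATURES[ext](data):
        return False, "content does not match declared image type"
    # Store under a random name so the client never chooses the served path.
    return True, secrets.token_hex(16) + ext

# Constructed sample inputs (not taken from the incident).
HTML_PAGE = b"<html><body>defaced</body></html>"
PNG_BYTES = b"\x89PNG\r\n\x1a\n" + b"\x00" * 16

if __name__ == "__main__":
    for fname, blob in [("promo.html", HTML_PAGE), ("promo.jpg", HTML_PAGE),
                        ("photo.png.html", PNG_BYTES), ("shop.PNG", PNG_BYTES)]:
        print(fname, accept_photo(fname, blob))
```

A signature check does not rule out files crafted to be valid as two formats at once, so uploads should also be served with a fixed image `Content-Type` and `X-Content-Type-Options: nosniff`.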

Earlier: In the last couple of months, there appears to be an increase in the hacking of Indian websites: TheHackerNews reported yesterday that Sulekha.com had been hacked and defaced by an Indian hacker Mr52. Two pages that TheHackerNews points towards – this and this – are now returning a server error.

Over the last couple of months, zSecure, an IT security research group, has claimed to have detected vulnerabilities in at least three Indian websites: Sify.com (screenshots), TimesOfMoney (screenshots) and brokerage house Sharekhan.com (screenshots), using an SQL injection technique. According to zSecure, a critical SQL Injection vulnerability in the website could allow an attacker to gain access to the site’s entire database which contains confidential customer information.

In Sify’s case, it has published information of e-commerce transactions and masked passwords; in case of TimesofMoney, it has published screenshots of information on what appear to be registered admin users (no passwords); in case of ShareKhan, there is a single screenshot of the hosting information. Note: TimesOfMoney has pointed out to MediaNama that the screenshots do not list registered users. It has not yet responded to our query on whether those are administrative users listed in the screenshots.

zSecure mails that no data was dumped from the site, and in each case, it says it has decided to make the information public after the companies did not pay heed to e-mails informing them about the data vulnerability. It also claims that a similar vulnerability exists in HDFC Bank’s website, and even after being informed about the same, the bank has not taken any measures to fix it.

Note that MediaNama is unable to verify any of the claims made by zSecure, the authenticity of the screenshots, and whether this level of access (except in case of Sify) indicates a serious security breach. We’re awaiting a response from Sify.com. TimesOfMoney has shared the following comment with MediaNama:

“The screen shots shown in the article alleging stating vulnerability of our site do not prove that there has been a breach of data security, or any loss of customer data. It remains to be seen how the screen shots have been derived. We are protected against any kind of network penetration due to stringent policies followed. Nevertheless, post receipt of this information, we have once again tested our infrastructure for the named vulnerability, and have seen no evidence of breach.

Our data remains secure and our customer transactions are functioning normally”

Other attacks on Indian websites include one on BSNL by the Pakistan Cyber Army; on the Indian Army website and NIC by Anonymous India. Earlier, CCAvenue had denied the authenticity of a hack.

MediaNama is the premier source of information and analysis on Technology Policy in India. More about MediaNama, and contact information, here.

© 2008-2021 Mixed Bag Media Pvt. Ltd. Developed By PixelVJ
