wordpress blog stats
Connect with us

Hi, what are you looking for?

Security Breaches On The Rise: Sulekha, Sify, TimesofMoney, ShareKhan

(by Anupam Saxena and Nikhil Pahwa)

Update: Sulekha CEO Satya Prabhakar has sent us the following statement- ““Sulekha has recently introduced a feature in one of our services where our local business customers can upload photos for promoting their businesses. The utility that we used for allowing this self uploads mistakenly permitted the uploading of HTML files. This loophole was exploited briefly to put up a HTML page on one service homepage of Sulekha. This was promptly diagnosed and rectified. Our investigation has revealed that no user or customer data was compromised and the breach was isolated to one part of our site only. We are undertaking a thorough investigation and strengthening our protocols to prevent this from happening again.”

Earlier: In the last couple of months, there appears to be an increase in the hacking of Indian websites: TheHackerNews reported yesterday that Sulekha.com had been hacked and defaced by an Indian hacker Mr52. Two pages that TheHackerNews points towards – this and this – are now returning a server error.

Over the last couple of months, zSecure, IT security research group, has claimed to have detected vulnerabilities in at least three Indian websites: Sify.com (screenshots),  TimesOfMoney (screenshots)  and brokerage house Sharekhan.com (screenshots), using an SQL injection technique. According to zSecure, a critical SQL Injection vulnerability in the website could allow an attacker to gain access to the site’s entire database which contains confidential customer information.

In Sify’s case, it has published information of e-commerce transactions and masked passwords; in case of TimesofMoney, it has published screenshots of information on registered what appear to be admin users  (no passwords); in case of ShareKhan, there is a single screenshot of the hosting information. Note: TimesOfMoney has pointed out to MediaNama that the screenshots do not list registered users. It has not yet responded to our query on whether those are administrative users listed in the screenshots.

zSecure mails that no data was dumped from the site, and in each case, it says it has decided to make the information public after the companies did not did not pay heed to e-mails informing about the data vulnerability. It also claims that a similar vulnerability exists in HDFC Bank’s website, and even after being informed about the same, the bank has not taken any measures to fix it.

Advertisement. Scroll to continue reading.

Note that MediaNama is unable to verify any of the claims made by zSecure, the authenticity of the screenshots, and whether this level of access (except in case of Sify) indicates a serious security breach. We’re awaiting a response from Sify.com. TimesOfMoney has shared the following comment with MediaNama:

“The screen shots shown in the article alleging stating vulnerability of our site do not prove that there has been a breach of data security, or any loss of customer data. It remains to be seen how the screen shots have been derived. We are protected against any kind of network penetration due to stringent policies followed. Nevertheless, post receipt of this information, we have once again tested our infrastructure for the named vulnerability, and have seen no evidence of breach.

Our data remains secure and our customer transactions are functioning normally”

Other attacks on Indian websites include one on BSNL by the Pakistan Cyber Army; on the Indian Army website and NIC by Anonymous India. Earlier, CCAvenue had denied the authenticity of a hack.

MediaNama’s mission is to help build a digital ecosystem which is open, fair, global and competitive.



By Rahul Rai and Shruti Aji Murali A little less than a year since their release, the Consumer Protection (E-commerce) Rules, 2020 is being amended....


By Anand Venkatanarayanan                         There has been enough commentary about the Indian IT...


By Rahul Rai and Shruti Aji Murali The Indian antitrust regulator, the Competition Commission of India (CCI) has a little more than a decade...


By Stella Joseph, Prakhil Mishra, and Surabhi Prabhudesai The recent difference of opinions between the Government and Twitter brings to fore the increasing scrutiny...


This article is being posted here courtesy of The Wire, where it was originally published on June 17.  By Saksham Singh The St Petersburg paradox,...

You May Also Like


Several State and district administration bodies are introducing closed-circuit television (CCTV) cameras surveillance in schools either as a result of a policy decision taken...

MediaNama is the premier source of information and analysis on Technology Policy in India. More about MediaNama, and contact information, here.

© 2008-2021 Mixed Bag Media Pvt. Ltd. Developed By PixelVJ

Subscribe to our daily newsletter
Your email address:*
Please enter all required fields Click to hide
Correct invalid entries Click to hide

© 2008-2021 Mixed Bag Media Pvt. Ltd. Developed By PixelVJ