In breaking news about India’s security landscape, researchers reveal that the country’s foreign ministry ‘Global Pravasi Rishta’ suffered from a data leak involving the sensitive passport details of Indian expats. According to the researchers, the intelligence report has already been confirmed.
The Indian foreign ministry platform ‘Global Pravasi Rishta’ connects over 30 million Indians outside the country. The Ministry of External Affairs of India manages the platform as a communication tool for Indian expats, Indian Missions, and Indian government bodies.
Numerous passport details of Indian migrants have been compromised in the security incident.
Based on reports, the foreign ministry platform had leaked numerous critical passport details belonging to Indian nationals currently residing outside of the country, including full names, usernames, current country of residence, email addresses, occupations, contact numbers, and passport numbers.
Moreover, the researchers believe that the data leak is caused by poorly implemented security measures, including the lack of authentication procedures in the portal.
The foreign ministry’s website’s edit function is presumed to be the root cause of the data leak. Researchers explained that manipulating and configuring the site’s URL allowed anyone to edit user details on the portal.
Hence, a single registered user can access all of the existing user data on the portal and edit them, including replacing the user ID embedded in the URL to lead them to another user’s account.
After sending a report of the identified issue to India’s Ministry of External Affairs, the issue has been fixed. Although, the researchers have not received any comment from the government body.
The leak of sensitive data, such as passport details, has not been uncommon in cybersecurity. Thus, when such misfortunate instances happen, security experts fear potential attack threats from malicious actors exposing victims to security risk.
Several security incidents have happened in the past couple of years, involving thousands to millions of people being exposed to cyberattacks after large companies leaked passport numbers online. With these incidents, the victims’ data could be used for malicious objectives, such as identity theft, phishing, fraud, and others.
For these reasons, security experts strongly recommend victims of passport details leaks be wary of possible attack attempts from malicious actors. The Indian migrants involved in this issue are advised to monitor their credit files and histories closely, alongside activating multi-factor authentication (MFA) to all of their online accounts.
Reporting to authorities about suspicious activities using their data is highly advised.
