The hackers claim to be selling a large database linked to an Indian government portal for blue-collar workers migrating from India.
The eMigrate portal, launched by the Indian Ministry of External Affairs, helps Indian workers migrate legally abroad. The portal also provides migration permit tracking and insurance services to migrant workers.
According to a cybercrime forum listing seen by TechCrunch, the anonymous hackers released some of the data, including names, email addresses, phone numbers, dates of birth, mailing addresses and passport details of individuals who had allegedly registered with the portal.
TechCrunch has confirmed that some of the data exposed by the hackers is authentic. Similarly, TechCrunch used a third-party app to verify phone numbers found in the exposed data. One of the records was for a foreign ambassador for the Indian government, and the information in the sample matched with the public information. A message sent by TechCrunch to the ambassador via WhatsApp went unreturned.
It's unclear whether the data was obtained directly from eMigrate servers or through a previous intrusion. The hackers did not provide exact details about when the intrusion occurred, but they claim to have entries for at least 200,000 internal and registered users.
At the time of writing, India's eMigrate portal said that around 500,000 people had been granted permission to migrate in 2023.
When contacted by email about the data breach, the Computer Emergency Response Team of India (CERT-In) told TechCrunch: [the] We are in the process of taking appropriate action with the relevant authorities,” he said. India's foreign ministry did not respond to multiple requests for comment.
This is believed to be the latest cybersecurity incident to affect the Indian government in recent months. Earlier this year, TechCrunch exclusively reported on a data breach that affected the Indian government's cloud services and exposed a ton of sensitive citizen information. Soon after, it was discovered that scammers had been planting hidden online gambling ads on Indian government websites.