
Cyber Incident Victim: Impact Guru

Date: Jul 2020

Location: India

Summary

A leading Indian crowdfunding platform suffered a significant data breach, compromising over 500,000 user records containing highly sensitive personal and financial information. Threat actors obtained databases storing PAN and Aadhaar card numbers, plaintext and encrypted passwords, banking details for over 8,000 users, social media identifiers, IP addresses, and chat histories. The attackers exploited security misconfigurations in internet-facing systems to access the platform's infrastructure, subsequently leaking the data on dark web forums. The compromised organization, which facilitates global fundraising campaigns for NGOs and social causes, had processed substantial financial transactions across multiple countries prior to the incident. Researchers confirmed the legitimacy of the breach through analysis of the database structure and acquisition of leaked samples.

CIA Posture: Available to members
Motives: 1 motive
Tactics, Techniques & Procedures: 1 technique
Threat Actors: 0 actors
Type: Available to members
Location: Available to members

Description

In July 2020, Cyble's Research Unit identified a threat actor advertising confidential data from Impact Guru, an India-based crowdfunding platform serving NGOs, social enterprises, and individuals across 15 countries. The platform, launched in 2015 by Union Cabinet Minister Maneka Gandhi, had processed approximately ₹150 crores (US$21 million) in donations prior to the breach. Cyble investigators verified the actor's claims, confirming unauthorized access to Impact Guru's database structure and approximately 507,000 user records. The compromised data included email addresses stored alongside both plaintext and encrypted passwords, creating an immediate risk of credential compromise. Financial exposure extended to banking details (account numbers, IFSC codes, and SWIFT codes) belonging to over 8,000 users. Attackers exfiltrated highly sensitive government-issued identification numbers, specifically PAN Card and Aadhaar Card numbers, which are critical identity verification markers in India. Additional leaked personal information encompassed users' social media profiles (Facebook, Twitter, LinkedIn, Apple IDs), physical addresses, registration dates, PayPal-associated emails, and IP address locations. Chat histories between users and the platform were also compromised, potentially revealing donation discussions or support queries. Cyble attributed the breach to broader targeting of Indian organizations through ransomware attacks or exploitation of internet-facing system misconfigurations, noting the attackers' willingness to compromise even nonprofit-oriented platforms.


The breach posed significant risks because financial, biometric, and digital identity data were aggregated in a single dataset. Impact Guru's status as India's leading crowdfunding platform amplified the incident's scope, affecting donors and beneficiaries across multiple countries. Cyble acquired the leaked dataset and integrated it into AmiBreached.com, its data breach monitoring service, enabling individuals to check their personal exposure. No evidence suggested that Impact Guru had officially confirmed the breach or disclosed remediation efforts at the time of Cyble's report. The researchers emphasized the exceptional sensitivity of the stolen Aadhaar numbers, which serve as universal identity credentials linked to government services and financial accounts in India. Combined with plaintext passwords and banking information, the dataset created multifaceted opportunities for identity theft and financial fraud. Cyble documented the incident as part of a surge in attacks against Indian entities, with stolen data frequently appearing on dark web marketplaces. Its public disclosure aimed to alert potential victims while avoiding technical specifics about the attack vector or the exact timeline of initial compromise. The platform's breach represented one of the first major security incidents involving India's crowdfunding sector, highlighting vulnerabilities in platforms handling high volumes of sensitive donor and beneficiary data.

Sources
1 source (available to members)