Cyber Incident Victim: Swachhata Platform

Date: Sep 2022

Location: India

Summary

A cybersecurity breach targeting India's Swachhata Platform, associated with the Ministry of Housing and Urban Affairs, reportedly exposed approximately 16 million user records containing personally identifiable information such as email addresses, hashed passwords, and user IDs. Security researchers identified a 6GB dataset from the incident being shared via a file-hosting platform by Leakbase, a group known for distributing compromised data and previously linked to major breaches. The stolen information poses risks of phishing, smishing, and social engineering attacks, with threat actors potentially monetizing access to administrative systems or aggregated data on cybercrime forums.

Description

On or around September 29, 2022, the Swachhata Platform—an initiative associated with India’s Ministry of Housing and Urban Affairs—experienced a data breach involving the alleged theft of 16 million user records. Security researchers at CloudSEK identified a post by the data breach notification entity Leakbase, which shared samples of the compromised data on its platform. The samples contained personally identifiable information (PII) such as email addresses, hashed passwords, and user IDs. A 6GB dataset from the breach was subsequently made available for download via a popular file-hosting platform. Leakbase, described by CloudSEK as a source with a history of distributing reliable breach information, operated a marketplace where threat actors frequently sold stolen data for financial gain. The breach occurred shortly after a separate cyberattack targeting Australian telecommunications provider Optus, which exposed data belonging to at least 10,000 individuals.

CloudSEK’s analysis noted that Leakbase users often monetized unauthorized access to administrative panels and servers of content management systems (CMSs), with aggregated data resold as leads on cybercrime forums. The compromised Swachhata data was assessed as potentially exploitable for phishing, smishing, and social engineering campaigns against affected users. Leakbase had prior involvement in high-profile incidents, including a 2017 breach of Taringa, a Latin American social networking platform. No specific details regarding the intrusion vector, containment measures, or direct statements from Swachhata Platform administrators were disclosed in the available reporting. CloudSEK emphasized broader risks posed by such breaches but did not document confirmed malicious use of the Swachhata data at the time of their advisory.
