A hacker claims to be selling an extensive database related to an Indian government portal meant for labor migrating out of the country.
Started by Ministry of External Affairs of India, the eMigrate portal helps Indian workers migrate abroad legally. The portal also provides immigration clearance and insurance tracking services to migrant workers.
According to a post on a well-known cybercrime forum seen by TechCrunch, the pseudonymous hacker released a small portion of the data containing the full names, email addresses, phone numbers, dates of birth, postal addresses and passport details of people he allegedly to have registered on the portal.
TechCrunch has verified that some of the data posted by the hacker appears to be genuine. Similarly, TechCrunch validated the phone numbers found in the published data using a third-party app. One of the files involved a foreign ambassador to the Indian government, whose information in the sample matched public information. A message sent by TechCrunch to the ambassador via WhatsApp was not returned.
It is unclear whether the data was obtained directly from the eMigrate servers or through a prior breach. The hacker did not share the exact details of when the breach allegedly occurred, but claims to have at least 200,000 internal and registered user records.
At the time of publication, India’s eMigrate portal reports that around half a million people have received immigration clearance in 2023.
When contacted via email about the data breach, India’s computer emergency response team, known as CERT-In, told TechCrunch that it was “in [the] procedure for taking the appropriate measures with the competent authority.” India’s foreign ministry did not respond to multiple requests for comment.
This is believed to be the latest cyber security incident affecting the Indian government in recent months. Earlier this year, TechCrunch exclusively reported on a data breach affecting the Indian government’s cloud service that leaked reams of sensitive information on its citizens. Soon after, it was discovered that fraudsters had placed online betting ads hidden on Indian government websites.
