The government has warned that the recent data breaches at Air India, Domino's, and Big Basket have exposed the emails and passwords of hundreds of Union government personnel to hackers.
As per the details obtained from a copy of an internal document that stated that compromised emails on government domains such as @nic.in and @gov.in are potential cyber risks because they are being exploited by "adversaries" to send malicious emails to all government users.
According to the alert sent to officials, "It is intimated that recent data breaches of Air India and other companies like Domino's, Big Basket etc. have resulted in exposure of e-mail ID and passwords of many users, which includes lots of government email IDs as well. All such compromised gov. domain emails are potential cyber threats as they are being used by the adversaries to send out malicious emails to all government email users. It may please be noted that largely these are name-based email IDs which are available with the malicious actors," reported The Hindu.
The alert notification also added that malicious actors aim to attack government officials using a variety of methods, including phishing, in which attackers send e-mails to officials instructing them to click on a specific file or weblink and obtain permission.
A fraudulent weblink was provided on WhatsApp and SMS to many government offices, including Defence Ministry staff, days after the notice was sent on June 10, urging them to update their vaccination status.
The message directed authorities to https://covid19india.in to generate a digital certificate of COVID-19 inoculation, forwarding them to a page called "@gov.in," which looks similar to the government website mygov.in, and asking for their official e-mail and password.
In May, it was found that the data of 18 crores Domino's India customers had been hacked and sold on the dark web. Hackers illegally obtained data from Domino's secure computer resource and hosted it on the Internet, according to Domino's counsel, who told the Delhi High Court earlier this month. The information includes phone numbers and addresses, among other things.
Hackers put the personal information of 2 crore users of online grocer BigBasket on the dark web for sale in April.
Name, date of birth, contact information, passport information, ticket information, Star Alliance and Air India frequent flyer data (but no passwords data) as well as credit card data (but no passwords or CVV/CVC numbers) were all affected by the Air India data breach.