On Sunday evening, a website called “magicapk.com” surfaced that contained the personal data of millions of Reliance Jio users.
At roughly 6 pm on Sunday, a website called “magicapk.com” started making its way through various Indian social media channels including Twitter, WhatsApp and Reddit India. The website, which came with a simple user interface as shown above, simply asks visitors to enter a Reliance Jio mobile number to get access to “Jio sim details”.
It could be the biggest data breach in India, as the leak in question pertains to a database of over 120 million users of Reliance Jio. The website already seems a little sluggish and is expected to go down soon as more users rush to find out whether their personal data has been leaked. It took two or three tries for the number to show up on the website. It is not clear at this moment why this data has been leaked or how someone outside Jio got access to sensitive customer data.
According to Hackeread.com, a user by the name of “nclay” claimed to have hacked Zomato and was willing to sell data pertaining to 17 million registered users on a popular Dark Web marketplace.
This included emails and password hashes of registered Zomato users with the price set for the whole package at $1,001.43 (BTC 0.5587) – BTC here stands for Bitcoins. Hackeread adds the vendor also published data and evidence to prove it was genuine.
Payment related information on Zomato is stored separately from this (stolen) data in a highly secure PCI Data Security Standard (DSS) compliant vault. No payment information or credit card data has been stolen/leaked.
Zomato, in a blog post
A group that calls itself “Legion” promises more, and bigger, data dumps.
According to the group's interaction with Washington Post’s Max Bearak, the hacking group did not go after these specific high-profile targets with a hitlist; it was the other way around. The group reportedly got hold of several terabytes of raw data categorised by “interests”, within which they found gigabytes of data pertaining to Indian public figures. In short, it was the available data that helped them choose whom to target first.
The current objective was to dump classified data into the public domain. The data that prompted Legion to carry out these hacks apparently came from a source that remains unknown. It was quite a big dump, with access to over 40k servers in India. It was so immense that the hacker group even built a tool to sift through it.
Source: The man hacking India’s rich and powerful talks motives, music, drugs and next targets – The Washington Post
Check Point reported at least 86 apps have been found to have traces of Gooligan, most of which appear legitimate and have been given artificially high ratings in the app store.
Once one of the infected apps is installed onto a user’s device, either from an app store or by clicking a malicious link, it begins collecting data about the device and reporting it to a command and control server—a centralized computer that issues commands to and receives reports from devices.
How to check / know if your account is hacked?
Check Point recommended in a blog post that people who suspect their devices may have been compromised (seen unusual pop-up ads on your phone lately?) should check to see whether their account has been breached by entering their email addresses at the following website: https://gooligan.checkpoint.com/.
The official Twitter account of the Indian National Congress was found to have been hacked on Thursday, hours after party vice-president Rahul Gandhi’s verified Twitter account was hacked.
Twitter explodes with jokes