On Friday, a media report revealed that some hackers had exposed the emails, passwords and other private information of BGR India on the dark web. BGR – which stands for Boy Genius Report is a US-headquartered tech website which also operates from India.
The breach was first reported earlier this week by a data breach monitoring service called “Under the Breach” on its Twitter handle with over 4,000 followers.
BREAKING: Actor dumps the MySQL database of https://t.co/iFsjvATWZZ (@BGRIndia) a huge Indian tech news site!— Under the Breach (@underthebreach) February 26, 2020
- 2,000,000 monthly visitors, @BGR 11,650,000 monthly visitors!
-Hacked due to exposed s3 AWS bucket.
- Usernames, E-mails, Passwords and more.
- Full SQL backup. pic.twitter.com/MA6lH6JKt6
Without revealing the exact details on how much data was compromised before being noticed, Under the Breach did note that hackers exploited the database from unprotected Amazon Web Services archives - one of which was BGR India.
Incidentally, AWS- the on-demand cloud computing platform of American e-commerce giant Amazon – extended a helping hand to the Indian government to safeguard sensitive data from outsiders in December last year.
The hackers used online blogging website WordPress to store the hashed credentials before exposing them.
BGR addressed the issue through a story on their website claiming that the exposed email IDs and passwords in question, belonged to their former employees and were no longer in use.
In October 2019, the confidential data of nearly 1.3 million Indian debit and credit cardholders was compromised on the dark web, and up for sale to the public, exposing them to the risk of online financial fraud.
If cyber-criminals were to take an interest, the massive private data leak is estimated to have a black market value of roughly $130 million for the hackers.