Bhopal (Madhya Pradesh): Large amounts of data have been leaked on dark net, prompting the state cyber department to open a window for people to register complaints. People are also being advised to change email passwords immediately.
Earlier, CERT-In first noticed the leak and issued an advisory recommending two-step verification. According to CERT-In, 16 crore login credentials were exposed on the internet, including usernames, passwords, session cookies and authentication tokens from popular platforms, in June this year.
SP of state cyber cell, PranyaNagwanshi, said the police were alert after the CERT-In advisory and monitoring activities of cyber fraudsters.
We discovered some data had been leaked on dark net and decided to issue a common advisory so users can change their email passwords,” he said. He said that a special police cell has been established to register complaints regarding cyber fraud.
Nagwanshi noted similar incidents occurred in 2019, when over 2.2 crore credentials were exposed from various breaches.
Sources of the leak
According to CERT-In, the leaked data came from two main sources
Infostealer malware that steals saved credentials and browsing data from users’ devices.
Misconfigured databases that were not properly secured, allowing public access to private information.
Attackers collected information from 30 different sources, making this breach a combination of smaller leaks rather than a single incident. Together, they created a massive list of sensitive information now circulating on the internet, including parts of the dark web.
How to stay safe
CERT-In advises immediate action for prople and organisations
Change passwords immediately, especially for email, social media, and banking accounts. Use strong passwords with at least 12 characters.
Avoid reusing passwords across different services.
Enable multi-factor authentication (MFA) wherever possible, adding extra security like a one-time code on your phone.
Be cautious with links sent over email or text, especially those asking to log in or reset passwords.
Use password managers to create and store unique, strong passwords for each service.
Keep devices updated and run anti-malware tools regularly to stay protected.
