A hacker claims to be selling an extensive database associated with an Indian government portal meant for blue-collar workforce emigrating from the country.
Launched by India’s ministry of external affairs, the eMigrate portal helps Indian labor legally emigrate overseas. The portal also provides emigration clearance tracking and insurance services to migrant workers.
According to a listing on a known cybercrime forum that TechCrunch has seen, the pseudonymous hacker published a small portion of the data containing full names, email addresses, phone numbers, dates of birth, mailing addresses, and passport details of individuals who allegedly signed up to the portal.
TechCrunch verified that some of the data published by the hacker appears genuine. Similarly, TechCrunch validated the phone numbers found in the published data using a third-party app. One of the records pertained to a Indian government foreign ambassador, whose information in the sample matches public information. A message sent by TechCrunch to the ambassador via WhatsApp went unreturned.
It is unclear whether the data was obtained directly from the eMigrate servers or through a previous breach. The hacker did not share the exact details of when the breach allegedly occurred, but claims to have at least 200,000 internal and registered user entries.
At the time of publication, India’s eMigrate portal says about half a million people were granted emigration clearance in 2023.
When reached by email about the data breach, India’s computer emergency response team, known as CERT-In, told TechCrunch that it was “in [the] process of taking appropriate action with the concerned authority.” India’s ministry of external affairs did not respond to multiple requests for comment.
This is thought to be the latest cybersecurity incident affecting the Indian government in recent months. Earlier this year, TechCrunch exclusively reported on a data leak affecting the Indian government’s cloud service that spilled reams of sensitive information on its citizens. Soon after, it was discovered that scammers had planted online betting ads hidden on Indian government websites.