Cyber security agencies suspect massive data breach in the last few days

Rise in extortion emails received by people who visited porn sites, say police.

April 18, 2020 07:26 pm | Updated 07:30 pm IST - Mumbai

Representational image.

Representational image.

Cyber security agencies suspect a massive data breach has occurred over the last few days, enabling cyber criminals to obtain proof against citizens visiting pornographic websites and blackmailing them.

Also read | Criminals use COVID-19 for phishing: KPMG

According to the Maharashtra Cyber police, a rise has been observed in extortion emails received by people over the last few days.

“The victims receive their own account passwords in the email or their browser history which shows that they have accessed porn sites. The emails demand large amounts in bitcoins for not making these details public. Such emails have become rampant over the last few days and this may be due to a data breach event,” Balsing Rajput, Maharashtra Cyber SP, said.

Mr. Rajput said the data breach could be a result of any number of possibilities.

“Often, cyber criminals instal trackers on porn sites which creep into the browsers of the targets when they visit the sites. Once the trackers have access to the victims’ browsers, they can do anything that they are programmed to do, including capture log in names and passwords of email or other accounts.”

Also read | Google India offers cyber security tips to small businesses trying to overcome lockdown hurdles

Another possibility, he said, is that passwords of a large number of targets, which were hacked at a previous date, have been sold in bulk to a gang specialising in cyber-extortion and are now being used to intimidate the victims. The fact that the criminals have their passwords convinces the targets that they have access to their browsing history as well, the officer said.

The issue, however, does not end here. As viewing pornographic material comes with a stigma, many prefer paying up to alerting the authorities. While the Maharashtra Cyber department has been informally approached by a few people, none of them was willing to register a complaint. The absence of clear data also becomes a hindrance in trying to detect the source of the breach, sources said.

Also read | Speedy solutions for cyber crime

Mr. Rajput said everyone should follow basic cyber hygiene to avoid falling prey to such scams.

“One can go for a two-factor authentication while logging in to email accounts, which alerts the user every time there is an attempt to log in. All devices should have anti-virus software and should be scanned regularly. Any application or programme which is not downloaded by the users should be deleted immediately.”

Top News Today

Comments

Comments have to be in English, and in full sentences. They cannot be abusive or personal. Please abide by our community guidelines for posting your comments.

We have migrated to a new commenting platform. If you are already a registered user of The Hindu and logged in, you may continue to engage with our articles. If you do not have an account please register and login to post comments. Users can access their older comments by logging into their accounts on Vuukle.