Data breach of IIIT Delhi's informatics platform exposes healthcare data
A significant data breach was reported at the Portal for Health Informatics (PHI) of International Institute of Information Technology (IIIT) Delhi. The breach, detected by security researchers, was caused by a SQL injection vulnerability and was carried out by a threat actor known as "UsNsA." The leaked database, consisting of 82 files totaling around 1.8 GB, contained 10,842 emails from approximately 6,500 unique domains, as well as user details and internal healthcare files.
The compromised information included:
- usernames,
- email addresses,
- various internal healthcare documents related to ovirustdb, leukemiabd, indiabiodb, HIV, and more.
Tables such as bacvacdb, cancerdp, PHPMyadmin, dengi, and Crud were also present in the leaked database. User information from the DotProject Contacts Table was obtained, including well-known usernames such as admin, test, osddadmin, etc.
The threat actor, UsNsA, has a history of sharing databases from other countries, and the breach could potentially lead to infrastructure access, account takeovers, and ransomware attacks. CloudSEK has already informed IIIT Delhi and relevant authorities about the breach.
Update: On 3rd of July, IIIT-Delhi denied that the PHI portal had encountered a breach and that the supposedly leaked data included any sensitive information.
"We would like to clarify that there has been no such data breach on our public platform. The platform in question is specifically designed to host non-sensitive, openly available datasets that can be used by researchers for further research purposes only. It does not contain any personal data, including emails, user details, or sensitive healthcare files," it said in a statement.
"The reported list of databases and tables allegedly leaked during the breach, such as ovirustdb, leukemiabd, indiabiodb, HIV, bacvacdb, cancerdp, PHPMyadmin, dengi, and Crud, is factually incorrect. Though these data sets are available on the website, it doesn't contain any personal information," it added.