- On 14 August, CloudSEK’s contextual AI digital risk platform XVigil discovered a threat actor, Tanaka, sharing a database marked as bitsphere[.]in on an English-speaking hacking forum.
- Analysis of the database reveals that the following information has been leaked:
  - More than 3 lakh 20 thousand patient records containing their PII information and medical diagnosis.
  - 500 login credentials with multiple cleartext passwords as well.
  - Contact information of 737 people who used the contact us form.
- On investigation of the data, it was revealed that this data has been taken from the servers of ayush.jharkhand.gov.in which are developed by bitsphere.in.
- This data was attributed to Ayush Jharkhand’s website by correlating chatbot data and blog post data shared by the threat actor with the publicly available data on the website.
Read more of their findings on CloudSEK.
Tanaka is a frequent contributor on a hacking forum that is also on the clearnet, and has almost 150 listings that consist of databases, combolists, and other types of leaks. They were also on the previous version of BreachForums (Breached.vc), and do not appear to be a native English speaker.