BHUBANESWAR: Amid increasing cyber fraud incidents in the state, login credentials of four important government websites of the country including one from Odisha were found to be leaked in a deep web group, raising concerns over vulnerability of classified information and official data.
The vulnerability of the government websites came to the fore after the login credentials of Human Resources Management System (HRMS) of the state, e-portal of Income Tax, Crime and Criminal Tracking Network and Systems of Uttar Pradesh and a portal of DRDO were found to be leaked on the deep web group ‘collection data-self-free’.
The deep web groups are parts of the world wide web whose contents are not indexed by standard web search-engine programmes making those inaccessible through traditional browsers.
Sources said at least 33 login credentials of Odisha HRMS leaked in the deep web group were found to be correct and by using the credentials the portals were successfully accessed leaving little scope for the actual users to trace it.
The National Technical Research Organisation (NTRO) has already informed the Odisha government about the vulnerability of the official websites after it accessed the HRMS Odisha portal using the leaked credentials. Besides asking for a root cause analysis, the NTRO has sought a sample of malware for necessary action at their end. It has also asked for immediate remedial actions by restricting the login access of these users to the portal.
Cybersecurity experts emphasised the need for immediate action to strengthen digital defences and prevent further unauthorised access. They recommended implementation of stronger authentication methods, vulnerability assessments and regular security audits, besides enhancing employees training on cybersecurity best practices.
The Home department has asked the General Administration and Public Grievance department, which handles the HRMS portal concerning all employees, to take immediate action to prevent such leaks in future. “The breach is being investigated to determine the full extent of the exposure and to assess any immediate impact on government operations,” said a GA department official.
Earlier, the National Critical Information Infrastructure Protection Centre (NCIIPC) of NTRO had alerted the state government to take steps to thwart vulnerability and protect data after it found security risks in at least 26 websites in Odisha.