HawkEye data hacked? Telangana police begin probe

Need 2-3 days to check claims that details of 1.3 lakh users of the app breached: Officials
Representative Image
Representative Image

HYDERABAD: Following claims that the personal details of over 1.30 lakh users of Hawk Eye, a popular community policing app of the Telangana police, were compromised in a data breach, the state police maintained that the leak is “not completely confirmatory in nature” and they are investigating to find if an actual breach has occurred. Nevertheless, the Telangana Cyber Security Bureau (TCSB) has registered a case and begun the investigation.

On May 29, a threat actor by the screenname of ‘Adm1nFr1end’ took to data leak site BreachForums and claimed that they had breached the HawkEye database. They attached sample records of over 1.30 lakh SOS records including 20,000 travel detail records of the users. Personal data like names, phone numbers, email addresses and their location coordinates were disclosed on the dark web, reports claimed.

Even as screenshots of SOS call records registered on the app started circulating in the media, state authorities told TNIE that it would take around 2–3 days to confirm if there was an actual data breach or if it was an act of mischief.

Additional Director General of Police (Technical Services) VV Srinivasa Rao said, “We are investigating to find if there is an actual breach and if so, the extent of the breach and the likelihood of it damaging the individual privacy. We are currently checking all data logs and have taken complete control of the application to verify further details of the possible data breach.”

Meanwhile, TCSB ADG Shikha Goel told TNIE that the bureau was already working to find out who the hacker was. “Irrespective of the kind of data that is likely compromised, and even if it is a mischievous act, action will be taken against the persons concerned,” she added.

For citizen-friendly policing

The Hyderabad City police launched the Hawk Eye app in December 2014 to become citizen-friendly by enabling the public to participate in community policing. The app allows users to report a traffic violation or crime against women and has safety features for women’s travel and an SOS button for those in distress.

Around 2021, the app was taken over by the state police. The app along with other apps, which were developed at different times to satisfy the requirements of the city police, were then integrated by the Crime and Criminal Tracking Network and Systems (CCTNS), the police said.

“There was then a transfer of application from the original software developer to the main system integration in the latter half of 2022,” said ADGP Srinivasa. “However, after the transfer, the CCTNS was working on CCTNS version 2.0 and then integrated with the latest criminal laws. But this particular app was not upgraded.”

Moreover, as the application is not a part of the CCTNS, there appears to not have been regular security audits.

Meanwhile, Srinivas Kodali, a data researcher and activist, said it was extremely easy to hack the app as they used basic authentication and encoding. He called out the state police for not hiring proper developers and putting the privacy of several thousands of users at risk. “The police department has a role in surveillance and they encouraged the public to instal this application. They have collected data and centralised it without a formalised method of security,” he alleged.

Related Stories

No stories found.

The New Indian Express