Sourajeet Majumder

From Bharatpedia, an open encyclopedia
Born: 24 September 2003 (age 21)
Occupation: Security Researcher, Cyber Expert, Ethical Hacker

Sourajeet Majumder (born 24 September 2003) is an Indian ethical hacker, security researcher and cyber expert. To date, Majumder has helped secure multiple Indian Government sites[1][2], MNCs[3][4] and universities[5][6], besides many other organizations. He is currently one of the youngest ethical hackers in India[7].

Sourajeet first came into the limelight after pointing out a highly critical vulnerability[8][9][10][11][12][13][14] in the official government website of the Ministry of Health & Family Welfare (West Bengal), and since then he has been actively contributing towards online security[15][16][17][18][19] and fighting disinformation[20][21] in cyberspace.

Life

Sourajeet was born and brought up in Siliguri, a small city in West Bengal[6]. From a very early age, he was drawn to technology and was often found meddling with computers and other electronic gadgets[13]. It was in his early school days that he first came across the word "Hacking" while searching for ways to crack the password of his brother's Android device. By using a simple "brute-force" tool, which was available for free on the Internet, he managed to unlock the device. This incident led him to dive deep into the field. Soon Majumder realized that he could use his skills for social good. At the age of 16, he bagged his first bug bounty reward from Tumblr[22].

Recent Works

1. Leakage Of Covid-19 Test Reports:

In February 2021, Majumder claimed that he had discovered a highly critical vulnerability in the official website of the Ministry of Health & Family Welfare (West Bengal) which, if exploited, could have resulted in the leakage of over 8 million Covid-19 test reports[8]. According to Majumder, after discovering the flaw he quickly contacted CERT-IN, which acknowledged the breach to him[9]. Sourajeet also claimed that he had reached out to the system coordinator who manages the website but didn't receive any response from him. However, according to a media report[13], a few days after the incident a government-appointed health official acknowledged the flaw and said it would be fixed immediately[11]. Later reports published by Bleeping Computer[8] and TechCrunch[9] stated that the vulnerability was fixed and could no longer be exploited.

2. Students Data Leaked Online:

In March 2021, Sourajeet claimed that PII data of thousands of Indian students could be easily accessed by a simple Google search technique[23]. According to him, this data was being leaked from multiple websites belonging to educational institutes and from publicly uploaded documents on Scribd[23]. Majumder claims to have discovered the data of many private school, college and university students, which included students' names, parents' names, phone numbers, email addresses and Aadhar card numbers[23].

Later, in July 2021, similar concerns regarding the leakage and sale of Indian students' data were brought up by the Internet Freedom Foundation[24][25].

3. Alleged Moneycontrol Data Breach:

In April 2021, Majumder tweeted that personal data of over 7 lakh registered users of Moneycontrol was available on a hacker's forum for just $350[15][26][27]. According to him, the leaked data consisted of user emails and plain text passwords besides other details[26][27]. Majumder further claimed that he was able to verify the login credentials which the hackers had shared as a sample. This received a lot of attention, and the Chief Technology Officer of Network18 replied to the tweet thread calling it an old data set, with which Majumder highly disagreed[27]. A couple of days later it was found that a lot of users received a password change mail from Moneycontrol[26], which Majumder in a press report called "a sneaky way" of asking users to change their passwords without letting them know about the breach[26][15].

Later, in the month of May, Troy Hunt appreciated the efforts made by Majumder in bringing this breach out and added the leaked data set to Have I Been Pwned[28].

References

  1. NCIIPC Acknowledging Majumder (July 2019). "NCIIPC Newsletter July 2019" (PDF). NCIIPC.
  2. NCIIPC Acknowledging Majumder (October 2019). "NCIIPC Newsletter October 2019" (PDF). NCIIPC.
  3. "Apple Web Server Notification". Apple Inc.
  4. "Bughunter Hall Of Fame". Google.
  5. "Drexel's Bug Bounty Program". Drexel University.
  6. "কেমব্রিজকে বাঁচাল শহরের সৌরজিৎ". Anandabazar Patrika.
  7. "Warding off hackers: Bug bounty hunters working to keep firms cyber secure". Business Standard.
  8. "Over 8 million COVID-19 test results leaked online". Bleeping Computer.
  9. "Indian state government website exposed COVID-19 lab test results". TechCrunch.
  10. "WB govt website leaks lab results of millions of corona patients". IMDb.
  11. "Health Website Leaks 8 Million COVID-19 Test Results".
  12. "Exclusive | West Bengal Health Dept Left Over 1 Lakh Covid-19 Reports Exposed to Public Search". News18.
  13. "কোভিড আক্রান্তদের তথ্য ফাঁস! স্বীকার করলেন স্বাস্থ্য আধিকারিক". TV9 Bangla.
  14. "করোনা পরীক্ষা করিয়েছিলেন? আপনার ব্যক্তিগত তথ্য যেতে পারে হ্যাকারদের হাতে". Ei Samay Sangbadpatra.
  15. "Indian news portal's server breach exposes 40mn users; hackers selling 700K records for $350". International Business Times.
  16. "Vaccine Registration Targeted by Fake Apps: How to Stay Safe?". The Quint.
  17. "Pegasus Zero-Click Attack: How Does It Infect Phones? Which Device is Safe?". The Quint.
  18. "Privacy Analysis: How Much Of Your Data Do Popular Apps Share?". The Quint.
  19. "Domino's India Hack: 7 Years of Internal Docs, 10 Lakh Credit Cards on Sale for Rs 3.4 Crore". News18.
  20. "LinkedIn's Data 'Scraped' Not 'Breached': Cyber Security Expert". The Quint.
  21. "How Cybercriminals Sell Fake Data and Fall for It Too". The Quint.
  22. "সোশাল মিডিয়ার ভুল ধরে অ্যামেরিকার সংস্থার পুরস্কার পেল কিশোর". ETV.
  23. "Data of 100,000 Indian Students Leaked Online, Claims Researcher". The Quint.
  24. "EXPLAINED: HOW THE STUDENT DATA BREACH LEAVES MINORS VULNERABLE TO SEVERAL THREATS". Firstpost.
  25. "Securing Examination Data: No Child's Play". Internet Freedom Foundation.
  26. "Moneycontrol Resets Passwords En Masse After Alleged Data Breach Impacting 7 Lakh Users". Inc42.
  27. "Moneycontrol.com data breach: Personal details of over seven lakh users up for sale on Hackers forums – Here is what we know so far". OpIndia.
  28. "have i been pwned?".

External links