Impact Guru, India’s Leading Crowdfunding Platform Breached – 500,000+ User Records Leaked in Darkweb

Update as on July 08, 2020: Cyble team of Threat Researchers has assessed that number of attacks are increasing on Organizations based in India and their data is put on sale in the darkweb. These attacks are either through ransomwares or exploiting the security misconfigurations of internet-facing systems.

“Attackers are not even sparing the crowd-funding platforms for Non-Governmental Organizations. “

Recently, Cyble Research Unit (CRU) identified a credible threat actor who claimed to be in possession of confidential data of Impact Guru – A donation-based crowdfunding platform that offers global crowdfunding solutions for NGOs, social enterprises, startups and individuals. Launched by Maneka Gandhi, Union Cabinet Minister for Women & Child Development, Government of India in September 2015, Impact Guru has mobilized ₹150 crores (US$21 million) for various NGOs and social enterprises in more than 15 countries and is currently recognized as India’s leading crowdfunding online site

Given the sensitivity of the matter, Cyble researchers investigated further and verified that the actors have obtained database records along with the structure of the database.

“Due to the breach, approximately 507k+ user records are at risk. “

Critical information gathered after analysis –

  • Email IDs are stored along with password in both plain-text as well as encrypted format
  • Banking details (account number, IFSC code, SWIFT code and other similar details) of 8,000+ users
  • Chat history of users

The leaked details include:

  • Pan Card number
  • Aadhar Card number
  • Facebook ID, Twitter ID, Linkedln ID, Apple ID (if available), of each user
  • Address
  • Registration Date
  • Paypal Email
  • IP Address Location
  • and many more…

Cyble has been reporting these types of breaches to aware individuals of the risks associated with using online services.

As soon as our research team identified this leak, the data was instantly acquired and indexed on our data breach monitoring and notification platform, AmiBreached.com – people who’re concerned about their information exposure can register on the platform to ascertain the risks.

We recommend people to:

  • Never share personal information, including financial information over the phone, email or SMSs
  • Use strong passwords and enforce multi-factor authentication where possible
  • Regularly monitor your financial transaction, if you notice any suspicious transaction, contact your bank immediately.
  • Turn-on automatic software update feature on your computer, mobile and other connected devices where possible and pragmatic
  • Use a reputed anti-virus and internet security software package on your connected devices including PC, Laptop, Mobile
  • People who are concerned about their exposure in darkweb can register at AmiBreached.com to ascertain their exposure.

About Cyble

Cyble is an Atlanta, US-based, global premium cyber-security firm with tools and capabilities to provide near real-time cyber threat intelligence. 

Cyble Inc.’s mission is to provide organizations with a real-time view of their supply chain cyber threats and risks. Their SaaS-based solution powered by machine learning and human analysis provides organizations’ insights to cyber threats introduced by suppliers and enables them to respond to them faster and more efficiently.

This monitoring and notification platform gives the average consumer insights into their personal cybersecurity issues, allowing them to take action then as needed. It has recently earned accolades from Forbes as being the top 20 cyber-security companies to watch in 2020. 

Leave a Comment

Your email address will not be published.

%d bloggers like this: