Security News > 2021 > March > Researchers hacked Indian govt sites via exposed git and env files
Researchers have now disclosed more information on how they were able to breach multiple websites of the Indian government.
Last month, researchers from the Sakura Samurai hacking group had partially disclosed that they had breached cyber systems of Indian government after finding a large number of critical vulnerabilities.
As a result of this team exercise, the researchers found some serious flaws including 35 cases of exposed credential pairs for critical applications, publicly-reachable sensitive files exposing 13,000 PII records, dozens of police reports, etc.
Env files on one or more Indian government subdomains.
After persisting with their reconnaissance efforts, the researchers continued to discover even more publicly accessible files on government sites, such as SQL dumps and databases that should have remained inaccessible over the web.
After the researchers reported the flaws via intermediary government bodies, such as India's National Cyber Security Coordinator and CERT-IN, the flaws were eventually remediated.