October 3, 2023

Researchers have observed a threat actor goes by the name Tanaka recently has been observed sharing a post titled “bitsphere.in” on a dark web forum that sheds light on a significant data leak.

As per the researchers, the state website for the Ministry of Ayush in Jharkhand, which provides vital information about Ayurveda, Yoga and Naturopathy, Unani, Siddha, and Homoeopathy medications has been affected.

The leaked database, totalling 7.3 MB in size, reportedly contains over 320,000 patient records, including PII and medical diagnoses. The breach also exposed login information, usernames, passwords, and phone numbers of doctors associated with the website.


Upon investigation, it became evident that the compromised data originated from the servers of ayush.jharkhand.gov.in, which were developed by bitsphere.in. This attribution was established by cross-referencing chatbot, and blog post data shared by the threat actor with publicly available information on the website.

The potential impact of this breach is substantial, as the leaked data could be exploited for account takeovers, brute force attacks and sophisticated phishing campaigns.

To mitigate these risks, it is imperative for potentially affected individuals to implement robust security measures, including a strong password policy, MFA, endpoint patching and secure handling of secrets.

Organizations are advised not to store unencrypted secrets in public repositories and refrain from sharing sensitive information unencrypted on messaging platforms. Continuous monitoring for unusual account activities and regular scans for exposed credentials are crucial steps in maintaining data security.

This research was documented by the researchers from CloudSEK.

Leave a Reply

%d bloggers like this: