Sourajeet Majumder
Sourajeet Majumder | |
---|---|
Born | 24 September 2003 Siliguri, West Bengal, India |
💼 Occupation | Security researcher, cyber expert, ethical hacker |
Sourajeet Majumder (born 24 September 2003) is an Indian ethical hacker, security researcher and cyber expert. until date Majumder has helped securing multiple Indian Government sites,[1][2] MNCs,[3] Universities[4][5] besides many other organizations.[6] He is currently one of the youngest ethical hackers in India.[7]
Majumder first came into the limelight after pointing out a highly critical vulnerability[8][9] in the official government website of Ministry of Health & Family Welfare (West Bengal) and since then he has been found actively contributing towards online security[10][11] and fighting disinformation[12][13] in cyber space.
Life[edit]
Majumder was born and brought up in Siliguri, a small city in West Bengal. From a very early age, he was attracted towards technology and was often found meddling with computers and other electronic gadgets.[7] It was in his early school days that he first came across the word "Hacking" while searching for ways to crack the password of his brother's android device.[7] By using a simple ‘brute force’ tool, which was available for free on the Internet, he managed to unlock the device.[7] This incident helped him to dive deep into the field. Soon Majumder realized that he could use his skills for social good.[14] At the age of 16, he bagged his first Bug Bounty reward from Tumblr.[15]
Recent works[edit]
Leakage of Covid-19 Test Reports[edit]
In February 2021, Majumder claimed that he had discovered a highly critical vulnerability in the official website of Ministry of Health & Family Welfare (West Bengal) which if exploited could have resulted in the leakage of over 8 Million Covid-19 Test Reports.[8] According to Majumder, after discovering the flaw he quickly communicated with the CERT-IN who acknowledged the breach to Majumder.[16] Majumder also claimed that he had reached out to the system coordinator, who manages the website but didn't receive any response from him[17] However, according to a media report[18] few days after the incident, a government-appointed health official acknowledged the flaw and said it would be fixed immediately.[19] Later reports published by Bleeping Computer[8] and Tech Crunch[16] shared that the vulnerability was fixed and could no longer be exploited.
Students data leaked online[edit]
In March 2021, Majumder claimed that PII data of thousands of Indian students could be easily accessed by a simple Google search technique.[20] According to him this data was getting leaked from multiple websites belonging to educational institutes and from publicly uploaded documents on Scribd.[20] Majumder claims to have discovered the data of many private schools, college and university students which included students' names, parents' names, phone numbers, email addresses and Aadhar card numbers.[20]
Later, in July 2021, similar concerns regarding the leakage and sale of Indian student's data was brought up the Internet Freedom Foundation[21][22]
Alleged moneycontrol data breach[edit]
In April 2021, Majumder tweeted that personal data of over 7 lakh registered users of Moneycontrol were available on a hacker's forum for just $350.[23] According to him the leaked data consisted of user emails and plain text passwords besides other details.[24] Majumder further claimed that he was able to verify the login credentials which the hackers had shared as sample. This received a lot of attention and the Chief Technology Officer of Network18 replied to the tweet thread calling it an old data set with which Majumder highly disagreed. A couple of days later it was found that a lot of users received a password change mail from Moneycontrol[24] which Majumder in a press report called "a sneaky way" of asking users to change their passwords, without letting them know about the breach[24]
Later, in May, security expert Troy Hunt appreciated the efforts made by Majumder in bringing this breach out and added the leaked data set as a part of Have I Been Pwned[25]
References[edit]
- ↑ NCIIPC Acknowledging Majumder (July 2019). "NCIIPC Newsletter July 2019" (PDF). NCIIPC.
- ↑ NCIIPC Acknowledging Majumder (October 2019). "NCIIPC Newsletter October 2019" (PDF). NCIIPC.
- ↑ "Apple Web Server Notification". Apple Inc. Unknown parameter
|url-status=
ignored (help) - ↑ "Drexel's Bug Bounty Program". Drexel University. 9 March 2021. Unknown parameter
|url-status=
ignored (help) - ↑ "কেমব্রিজকে বাঁচাল শহরের সৌরজিৎ". Anandabazar Patrika.
- ↑ "Acknowledgements". BBC. Unknown parameter
|url-status=
ignored (help) - ↑ 7.0 7.1 7.2 7.3 Young ethical hacker of Siliguri gains praise, retrieved 2021-08-08
- ↑ 8.0 8.1 8.2 "Over 8 million COVID-19 test results leaked online". Bleeping Computer.
- ↑ "করোনা পরীক্ষা করিয়েছিলেন? আপনার ব্যক্তিগত তথ্য যেতে পারে হ্যাকারদের হাতে". Ei Samay Sangbadpatra.
- ↑ "Vaccine Registration Targeted by Fake Apps: How to Stay Safe?". The Quint.
- ↑ "How SOS Posts on Social Media Are Turning Into a Privacy Nightmare". The Quint.
- ↑ "LinkedIn's Data 'Scraped' Not 'Breached': Cyber Security Expert". The Quint.
- ↑ "How Cybercriminals Sell Fake Data and Fall for It Too". The Quint.
- ↑ "Warding off hackers: Bug bounty hunters working to keep firms cyber secure". Business Standard.
- ↑ "সোশাল মিডিয়ার ভুল ধরে অ্যামেরিকার সংস্থার পুরস্কার পেল কিশোর". ETV.
- ↑ 16.0 16.1 "Indian state government website exposed COVID-19 lab test results". TechCrunch.
- ↑ "Exclusive | West Bengal Health Dept Left Over 1 Lakh Covid-19 Reports Exposed to Public Search". News18.
- ↑ "কোভিড আক্রান্তদের তথ্য ফাঁস! স্বীকার করলেন স্বাস্থ্য আধিকারিক". TV9 Bangla.
- ↑ "Health Website Leaks 8 Million COVID-19 Test Results".
- ↑ 20.0 20.1 20.2 "Data of 100,000 Indian Students Leaked Online, Claims Researcher". The Quint.
- ↑ "EXPLAINED: HOW THE STUDENT DATA BREACH LEAVES MINORS VULNERABLE TO SEVERAL THREATS". Firstpost.
- ↑ "Securing Examination Data: No Child's Play". Internet Freedom Foundation. 26 July 2021. Unknown parameter
|url-status=
ignored (help) - ↑ "Indian news portal's server breach exposes 40mn users; hackers selling 700K records for $350". International Business Times.
- ↑ 24.0 24.1 24.2 "Moneycontrol Resets Passwords En Masse After Alleged Data Breach Impacting 7 Lakh Users". Inc42.
- ↑ "have i been pwned?". Unknown parameter
|url-status=
ignored (help)
External links[edit]
This article "Sourajeet Majumder" is from Wikipedia. The list of its authors can be seen in its historical and/or the page Edithistory:Sourajeet Majumder. Articles copied from Draft Namespace on Wikipedia could be seen on the Draft Namespace of Wikipedia and not main one.