This report discusses a security incident involving the Bangalore Water Supply and Sewerage Board (BWSSB), in which a threat actor known as pirates_gold compromised over 290K user records and offered direct root access to the database for sale. The breach was caused by database credentials exposed in a publicly accessible .env file; the threat actor used this exposure to gain access and monetize the stolen data.
Affected: Bangalore Water Supply and Sewerage Board (BWSSB), 290K+ user records
Key points:
- The Bangalore Water Supply and Sewerage Board (BWSSB) experienced a significant data breach.
- Over 290,000 user records were compromised and offered for sale by a threat actor named pirates_gold.
- The threat actor offered to negotiate a lower price for the data, indicating urgency to sell.
- Technical analysis revealed an exposed Adminer tool and credentials in a publicly accessible .env file.
- The credentials allowed complete administrative access to BWSSB’s database.
- The breach exposed sensitive Personally Identifiable Information (PII) including names, addresses, and contact details.
- Recommendations include conducting comprehensive security audits and revoking exposed credentials.
MITRE Techniques:
- T1078: Valid Accounts – The threat actor utilized valid database credentials exposed in the .env file to gain unauthorized access to the BWSSB database.
- T1190: Exploit Public-Facing Application – The actor exploited the exposed Adminer interface to gain direct root-level access to the database.
- T1068: Exploitation for Privilege Escalation – The exposed credentials gave the actor root-level administrative access to the BWSSB database.
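The two exposures described above (a world-readable .env file and a reachable Adminer interface) leave a footprint in ordinary web-server access logs. As an added example, not part of this report and not BWSSB's or the actor's tooling, the following detection logic flags requests for dotenv files and Adminer and separates a blocked probe from an actual disclosure; the log lines are constructed and the path patterns are assumptions.

```python
import re
from typing import Dict, List, Optional

# Apache/nginx "combined" access-log format: client, timestamp, request line, status, size.
LOG_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] '
    r'"(?P<method>[A-Z]+) (?P<path>\S+) [^"]*" (?P<status>\d{3}) (?P<size>\S+)'
)

# Assumed path patterns for the two exposures in this incident: dotenv files
# (including backups such as /.env.bak) and the Adminer single-file UI.
SENSITIVE_PATH_RE = re.compile(
    r'(^|/)\.env(\.[A-Za-z0-9_-]+)?$|(^|/)adminer[^/]*\.php$', re.IGNORECASE
)

def classify_request(line: str) -> Optional[Dict[str, str]]:
    """Return an alert dict for a sensitive-path request, or None for anything else."""
    m = LOG_RE.match(line)
    if not m:
        return None
    path = m.group("path").split("?", 1)[0]          # ignore the query string
    if not SENSITIVE_PATH_RE.search(path):
        return None
    status = int(m.group("status"))
    if 200 <= status < 300 and m.group("size") not in ("-", "0"):
        severity = "DISCLOSURE"  # the server returned content: treat every secret in it as compromised
    elif status in (401, 403, 404):
        severity = "PROBE"       # blocked or absent: reconnaissance only, still worth tracking
    else:
        severity = "REVIEW"      # redirects, server errors: inspect manually
    return {"ip": m.group("ip"), "ts": m.group("ts"), "path": path,
            "status": str(status), "severity": severity}

def scan(lines: List[str]) -> List[Dict[str, str]]:
    return [r for r in (classify_request(l) for l in lines) if r]

# Constructed sample log: one successful .env read, one Adminer hit, one blocked probe, one benign request.
SAMPLE_LOG = """\
203.0.113.7 - - [12/Mar/2025:03:14:01 +0530] "GET /.env HTTP/1.1" 200 412 "-" "python-requests/2.31"
203.0.113.7 - - [12/Mar/2025:03:14:03 +0530] "GET /adminer.php HTTP/1.1" 200 9831 "-" "Mozilla/5.0"
198.51.100.22 - - [12/Mar/2025:03:20:11 +0530] "GET /.env HTTP/1.1" 403 199 "-" "curl/8.4.0"
198.51.100.22 - - [12/Mar/2025:03:20:12 +0530] "GET /index.php?page=home HTTP/1.1" 200 5120 "-" "curl/8.4.0"
"""

if __name__ == "__main__":
    for alert in scan(SAMPLE_LOG.splitlines()):
        print(f"{alert['severity']:<10} {alert['ip']:<15} {alert['status']} {alert['path']}")
```

A DISCLOSURE hit on a dotenv path means the credentials it held must be rotated, not merely the file removed.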
Indicators of Compromise:
- [Domain] owc.bwssb.gov.in
- [File] .env
- [Database Username] exposed in the .env file (exact username not provided)
- [Email Address] not provided; the exposed PII implies email addresses may be included