Cyber security agencies suspect a massive data breach has occurred over the last few days, enabling cyber criminals to obtain proof against citizens visiting pornographic websites and blackmailing them.
According to the Maharashtra Cyber police, a rise has been observed in extortion emails received by people over the last few days.
“The victims receive their own account passwords in the email or their browser history which shows that they have accessed porn sites. The emails demand large amounts in bitcoins for not making these details public. Such emails have become rampant over the last few days and this may be due to a data breach event,” Balsing Rajput, Maharashtra Cyber SP, said.
Mr. Rajput said the data breach could be a result of any number of possibilities.
“Often, cyber criminals instal trackers on porn sites which creep into the browsers of the targets when they visit the sites. Once the trackers have access to the victims’ browsers, they can do anything that they are programmed to do, including capture log in names and passwords of email or other accounts.”
Another possibility, he said, is that passwords of a large number of targets, which were hacked at a previous date, have been sold in bulk to a gang specialising in cyber-extortion and are now being used to intimidate the victims. The fact that the criminals have their passwords convinces the targets that they have access to their browsing history as well, the officer said.
The issue, however, does not end here. As viewing pornographic material comes with a stigma, many prefer paying up to alerting the authorities. While the Maharashtra Cyber department has been informally approached by a few people, none of them was willing to register a complaint. The absence of clear data also becomes a hindrance in trying to detect the source of the breach, sources said.
Mr. Rajput said everyone should follow basic cyber hygiene to avoid falling prey to such scams.
“One can go for a two-factor authentication while logging in to email accounts, which alerts the user every time there is an attempt to log in. All devices should have anti-virus software and should be scanned regularly. Any application or programme which is not downloaded by the users should be deleted immediately.”