DGP denies leak of hotel guest data; police data hacker arrested

Last year, the accused had also leaked data regarding Aadhaar cards and critical information related to other agencies. “The probe is ongoing, with efforts to identify any additional accomplices involved in this case,” the DGP said.

By Telangana Today Published Date - 9 June 2024, 08:45 PM


Hyderabad: Director-General of Police Ravi Gupta on Sunday denied that there was any leak or transfer of data of guests or hotel management data to any third party.

In a statement here, Gupta denied media reports of claims made by cyber security activists on X that data of hotel guests was being transferred to a US-based firm, and said TSCOP did not collect any visitor or hotel management data.

“Hence, it is absolutely incorrect to say that TSCOP pushed / gave such Data to any third party. Therefore, certain related media reports that appeared in newspapers are denied,” he said in the statement.

Meanwhile, the DGP said that in a significant breakthrough, the Telangana Cyber Security Bureau (TGCSB) had apprehended a hacker involved in breaching the data of the Hawk Eye application of the Police Department.

The arrest was made on Saturday, he said. The case was registered following the detection of a data breach involving the Hawk Eye application, with subsequent leaks concerning TSCOP and SMS services.

TGCSB investigators travelled to Delhi, where they identified and arrested the hacker, who had claimed to have posted the compromised data on a public platform for a price, the DGP said. After the incident was reported, the TGCSB, using advanced tools, successfully uncovered the hacker’s identity.

The hacker had posted details of the breach on databreachforum.st, offering the compromised data for sale at US $150. He provided the Telegram IDs Adm1nfr1end and Adm1nfr1ends for interested buyers to contact him regarding the Hawk Eye and TSCOP data, respectively. Despite his attempts to mask his identity, TGCSB personnel used social engineering techniques to track him down in Delhi and apprehended him.

He will be brought to Hyderabad on a transit remand, Gupta said. According to the DGP’s statement, the accused had a history of cybercrimes, having previously been involved in a similar hacking case and arrested by the Special Cell of the Dwaraka Police Station, New Delhi.

“It is also brought to the notice of the public through the media, that no sensitive/financial data of any user has been compromised. The Hawkeye mobile application only retains user information such as mobile numbers, addresses, and email IDs as part of its data repository. Prima-facie, it is suspected that because of a weak or compromised password, the intruder might have obtained access to certain segments of Hawkeye data by generating a report,” the DGP’s statement said.

“As far as the TSCOP is concerned, this application has been solely utilized for in-house tasks, guaranteeing no collection of confidential/financial user data. It is a fact that TSCOP does not collect any Visitor / Hotel Management Data at all,” he added.

In the case of the SMS server URL of the Hyderabad City Police, the intruder’s claims were false, as the URL has been defunct and unsubscribed since April 2022, with Hyderabad City Police having ceased using it long before that, he said.

“In addition to investigating the data breach incident, we have also initiated comprehensive monitoring, vulnerability assessments and penetration testing across all police internal and external networks, web and mobile applications, as well as cloud and endpoints to identify and address any security weaknesses, so as to prevent any future breach,” he added.