Hawk Eye, a popular citizen-friendly crime reporting app of Telangana State Police in India, appears to have been hit by a massive data breach, a claim that sources have unofficially confirmed for The Cyber Express. The Hawk Eye app data breach was reportedly masterminded by a threat actor who goes by the name “Adm1nFr1end.”
The claim that the Hawk Eye app had been hacked emerged May 29 on the data leak site BreachForums. The threat actor claimed that they were revealing the stolen database, which consists of the Personally Identifiable Information (PII) of users, including the names, email addresses, phone numbers, physical addresses, IMEI numbers, and their location coordinates.
To substantiate the data breach claim, the threat actor attached sample records, with the latest timestamp of May 2024, while disclosing that the database includes 130,000 SOS records, 70,000 incident reports, and 20,000 travel detail records (screenshot below).
Login Data Exposes Hawk Eye App Data Breach
The Hawk Eye App was launched by the Telangana Police in December 2014 for both Android and iPhone users as part of its initiative to become a citizen-friendly and responsive police force.
Denizens were encouraged to use the app to report on a wide range of activities, including traffic violations, passing on information about criminals, violations by police, and crime against women, and also to pass on suggestions to the lawmen for improved policing and to credit the good work done by them. A key feature of the app is the SOS button for accessing help in case of emergencies.
While logging into the App, users are required to share their personal details, including name, email ID, mobile number and password for registration.
The app currently has a 4.4 rating on the Google Play Store, with more than 500,000 downloads on Android alone.
Source: Hawk Eye App on AndroidHawk Eye App Data Breach Samples
A few of the samples exposed by the threat actor revealed that one woman had filed a complaint on the Hawk Eye App to share that a man had initially promised to marry her and is now facing threats from him and his family. Alarmingly, the data leak revealed her name, mobile number, location, date, and time of complaint, potentially putting her at risk.
In several other cases, citizens had filed complaints of traffic violations, and their data used initially to login to the App, including name, email address, and phone numbers, were revealed in the data breach.
What is noteworthy about the above examples is that all these users had filed complaints only in May 2024, which suggests that the data from the Hawk Eye App was hacked this month.
Cops Wary of Hawk Eye App Data Breach
When The Cyber Express downloaded the “Hawk Eye -Telangana Police†app on Android on May 31, the app remained non-functional after the tester entered the primary details. Surprisingly, the app did not appear when the user tried to download it from the Apple Store.
Sources in the Telangana Police have confirmed to The Cyber Express that there was a failure to upgrade the app and the process for updating a patch is an ongoing exercise. Police sources in the Telangana IT wing shared that they were working with vendors to install an updated patch. This, the police officials shared, could be a reason for the app details being breached.
Additional Director General of Police (Technical Services) VV Srinivasa Rao of the Telangana Police shared that the task of upgrading Hawk Eye has been given to developers and that it should be available for the latest Android versions shortly.
DGP Shikha Goel, who is also the director of the Telangana State Cyber Security Bureau, was unavailable for comment. We update this story as we get more information.
Media Disclaimer: This report is based on internal and external research obtained through various means. The information provided is for reference purposes only, and users bear full responsibility for their reliance on it. The Cyber Express assumes no liability for the accuracy or consequences of using this information.
Source: Read More