The topic of this article may not meet Wikitia's general notability guideline. (Learn how and when to remove this template message)
|Born||24 September 2003 (age 18)|
Siliguri, West Bengal, India
Sourajeet Majumder (born 24 September 2003) is an Indian Ethical Hacker, Security Researcher and Cyber Expert. Till date Majumder has helped securing multiple Indian Government sites, MNCs, Universities besides many other organizations. He is currently one of the youngest Ethical hacker|Ethical Hacker in India.
Sourajeet first came into the limelight after pointing out a highly critical vulnerability in the official government website of Ministry of Health & Family Welfare (West Bengal) and since then he has been found actively contributing towards online security and fighting disinformation in the the cyber space.
Sourajeet was born and brought up in Siliguri, a small city in West Bengal. From a very early age, he was attracted towards technology and was often found meddling with computers and other electronic gadgets. It was in his early school days that he first came across the word "Hacking" while searching for ways to crack the password of his brother's android device. By using a simple ‘Brute-force search|brute force’ tool, which was available for free on the Internet, he managed to unlock the device. This incident helped him to dive deep into the field. Soon Majumder realized that he could use his skills for social good. At the age of 16, he bagged his first Bug bounty program|Bug Bounty reward from Tumblr.
1. Leakage Of Covid-19 Test Reports:
In February 2021, Majumder claimed that he had discovered a highly critical vulnerability in the official website of Ministry of Health & Family Welfare (West Bengal) which if exploited could have resulted in the leakage of over 8 Million Covid-19 Test Reports. According to Majumder, after discovering the flaw he quickly communicated with the Indian Computer Emergency Response Team|CERT-IN who acknowledged the breach to Majumder. Sourajeet also claimed that he had reached out to the system coordinator, who manages the website but didn't receive any response from him. However, according to a media report few days after the incident, a government-appointed health official acknowledged the flaw and said it would be fixed immediately. Later reports published by Bleeping Computer and TechCrunch|Tech Crunch shared that the vulnerability was fixed and could no longer be exploited.
2. Students Data Leaked Online:
In March 2021, Sourajeet claimed that PII data of thousands of Indian students could be easily accessed by a simple Google search technique. According to him this data was getting leaked from multiple websites belonging to educational institutes and from publicly uploaded documents on Scribd. Majumder claims to have discovered the data of many private schools, college and university students which included students' names, parents' names, phone numbers, email addresses and Aadhar card numbers
3. Alleged Moneycontrol Data Breach:
In April 2021, Majumder tweeted that personal data of over 7 lakh registered users of Moneycontrol.com|Moneycontrol were available on a hacker's forum for just $350. According to him the leaked data consisted of user emails and plain text passwords besides other details. Majumder further claimed that he was able to verify the login credentials which the hackers had shared as sample. This received a lot of attention and the Chief Technology Officer of Network18 Group|Network18 replied to the tweet thread calling it an old data set with which Majumder highly disagreed. A couple of days later it was found that a lot of users received a password change mail from Moneycontrol.com|Moneycontrol which Majumder in a press report called "a sneaky way" of asking users to change their passwords, without letting them know about the breach.
Later in the month of May, security expert Troy Hunt appreciated the efforts made by Majumder in bringing this breach out and added the leaked data set as a part of Have I Been Pwned?|Have I Been Pwned
- NCIIPC Acknowledging Majumder (July 2019). "NCIIPC Newsletter July 2019" (PDF). NCIIPC.
- NCIIPC Acknowledging Majumder (October 2019). "NCIIPC Newsletter October 2019" (PDF). NCIIPC.
- "Apple Web Server Notification". Apple Inc.
- "Drexel's Bug Bounty Program". Drexel University.
- "কেমব্রিজকে বাঁচাল শহরের সৌরজিৎ". Anandabazar Patrika.
- "Acknowledgements". BBC.
- Young ethical hacker of Siliguri gains praise, retrieved 2021-08-08
- "Over 8 million COVID-19 test results leaked online". Bleeping Computer.
- "করোনা পরীক্ষা করিয়েছিলেন? আপনার ব্যক্তিগত তথ্য যেতে পারে হ্যাকারদের হাতে". Ei Samay Sangbadpatra.
- "Vaccine Registration Targeted by Fake Apps: How to Stay Safe?". The Quint.
- "How SOS Posts on Social Media Are Turning Into a Privacy Nightmare". The Quint.
- "LinkedIn's Data 'Scraped' Not 'Breached': Cyber Security Expert". The Quint.
- "How Cybercriminals Sell Fake Data and Fall for It Too". The Quint.
- "Warding off hackers: Bug bounty hunters working to keep firms cyber secure". Business Standard.
- "সোশাল মিডিয়ার ভুল ধরে অ্যামেরিকার সংস্থার পুরস্কার পেল কিশোর". ETV.
- "Indian state government website exposed COVID-19 lab test results". TechCrunch.
- "Exclusive | West Bengal Health Dept Left Over 1 Lakh Covid-19 Reports Exposed to Public Search". News18.
- "কোভিড আক্রান্তদের তথ্য ফাঁস! স্বীকার করলেন স্বাস্থ্য আধিকারিক". TV9 Bangla.
- "Health Website Leaks 8 Million COVID-19 Test Results".
- "Data of 100,000 Indian Students Leaked Online, Claims Researcher". The Quint.
- "EXPLAINED: HOW THE STUDENT DATA BREACH LEAVES MINORS VULNERABLE TO SEVERAL THREATS". Firstpost.
- "Securing Examination Data: No Child's Play". Internet Freedom Foundation.
- "Indian news portal's server breach exposes 40mn users; hackers selling 700K records for $350". International Business Times.
- "Moneycontrol Resets Passwords En Masse After Alleged Data Breach Impacting 7 Lakh Users". Inc42.
- "have i been pwned?".
This article "Sourajeet Majumder" is from Wikipedia. The list of its authors can be seen in its historical. Articles taken from Draft Namespace on Wikipedia could be accessed on Wikipedia's Draft Namespace.