The Hawk Eye app, a widely used citizen-friendly crime reporting tool developed by the Telangana State Police in India, has allegedly fallen victim to a substantial data breach, as per sources who have informally spoken to The Cyber Express. Reports suggest that the breach was orchestrated by a threat actor known as “Adm1nFr1end.”
The breach claims surfaced on May 29 on the data leak platform BreachForums, where the threat actor asserted that they had accessed the stolen database containing users’ Personally Identifiable Information (PII). This information includes names, email addresses, phone numbers, physical addresses, IMEI numbers, and location coordinates.
In a bid to validate the data breach assertion, the threat actor provided sample records bearing the latest timestamp of May 2024. The database reportedly encompasses 130,000 SOS records, 70,000 incident reports, and 20,000 travel detail records.
The Hawk Eye App was introduced by the Telangana Police in December 2014 to cater to the public’s crime reporting needs conveniently. The app allows users to report various activities, from traffic violations to criminal information and suggestions for enhancing police operations, along with an SOS feature for emergencies.
When users log into the app, they are prompted to disclose personal information such as their name, email ID, mobile number, and password for registration. Presently, the app boasts a solid 4.4 rating on the Google Play Store, with over 500,000 downloads on Android alone.
Samples of the breached data divulged alarming instances, including a woman reporting threats from a former partner, exposing her personal details and potential vulnerabilities. Other instances showcased citizens filing complaints about traffic violations, with their login information, including names and contact details, being compromised.
Evidently, all these cases were filed exclusively in May 2024, indicating that the Hawk Eye App’s data breach occurred recently.
Following the breach revelation, The Cyber Express conducted tests on the app on May 31, noting its non-functional state post login attempts. Additionally, efforts to download the app from the Apple Store proved unsuccessful, hinting at potential issues.
Telangana Police sources indicated that an app update failure might have led to the breach, with ongoing efforts to rectify the situation through patch updates and collaboration with vendors. The responsibility of upgrading the Hawk Eye App has been assigned to developers, ensuring compatibility with the latest Android versions.
While Additional Director General of Police VV Srinivasa Rao confirmed the ongoing upgrade process, DGP Shikha Goel was unavailable for comment on the matter. Updates on the situation will be provided as more information unfolds.
In conclusion, the Hawk Eye App’s alleged data breach serves as a cautionary tale, emphasizing the importance of robust cybersecurity measures in safeguarding sensitive user information. The incident underscores the critical need for prompt action and transparency in addressing such breaches to mitigate potential risks and protect user privacy and security.