Accused threatened to leak critical data of fantasy sports app Dream 11 on dark web if demands were not met
Hacker allegedly compromised over 1,200 GitHub repositories of Dream11. Representation Pic
In a case of digital extortion, Maharashtra Cyber has arrested a man in Bangalore for allegedly hacking the data source of Dream11, a fantasy sports platform with over 20 crore users. The hacker breached the company's system and sent a threatening email, providing samples of the stolen data and demanding payment in exchange for its return. He warned that if his demands were not met, he would release the entire data set on the dark web, where it could be sold to interested buyers.
ADVERTISEMENT
According to Maharashtra Cyber, Sports Technologies Private Limited, which operates the Dream11 platform, received an email from a hacker on August 11 from an unknown Gmail account. The email read, "I want to bring to your attention that your GitHub account has been compromised, and over 1,200 repositories are accessible. For your reference, I have attached some examples of the compromised repositories and included the names of others for verification. Review the attached information and let me know if you would like to take action to prevent these repositories from being uploaded to the dark web."
The IT officials reviewed the email and examined the 20 attached folders. They discovered that several source codes related to their company were included. Further investigation by the technical team confirmed that the code from the hacked data was indeed being developed by the company. To ensure data safety, the company responded to the hacker and agreed to establish contact. In response, the hacker emailed back saying, "The market is ready to purchase the entire data from your GitHub repositories, and it will soon be easily accessible on the dark web. If you wish to make an offer to prevent this data from being sold, please let me know. Otherwise, you are likely aware of how crucial this data is to you."
According to Maharashtra Cyber, the company recognised the critical nature of the data and the severe impact its leakage could have. They also determined that the individual was attempting to extort them to prevent the data from being leaked. The company officials initially filed a verbal complaint with Maharashtra Cyber.
Based on the technical details in the threat email, Maharashtra Cyber officials with the help of local police apprehended the accused in Bangalore, where he was found working from a residential building. The arrested individual, identified as Abhishek Pratap Singh, was presented in court on Thursday and remanded to police custody. He was charged under Sections 308(2) (Extortion), 303 (2) (Theft), 351 (4) (Criminal Intimidation) of the BNS, and relevant sections of the IT Act.
August 11
Day hacker sent company extortion email