Diachenko told TechCrunch that “the exposed data included full names, nationality, date of birth, gender, passport numbers, passport issuing authority and expiration date that various crew members of vessels and ships submitted for their travel. Similarly, there were invoices, shipping orders and bills of lading among the sensitive pieces of information.”
The exposed AWS S3 keys could have allowed threat actors to get higher privileges and gain access to the National Logistics Portal infrastructure, Diachenko says. This created the possibility for ransomware attacks. Threat actors could have taken advantage of the access to the system to encrypt critical information and make it inaccessible to the waterways authorities.
As a part of its digitization initiative, the Central Government launched the National Logistics Portal (Marine) in January this year. The portal functions as a one-stop platform where all maritime stakeholders get integrated for easier and speedier services. The platform is aimed at reducing regulatory complexities and making a push for paperless trade.
Logistics such as the management of customs documents, paying fees, tracking shipments, and other port activities can be seamlessly conducted at this portal. According to Diachenko, the leak was reported to Indian authorities and the problem has now been fixed.
While inagurating the National Logistics Portal in January, Union Minister Sarbananda Sonowal had said that the portal “will be a single window for all trade processes of the logistics sector spread across the country covering all modes of transport in the waterways, roadways, and airways to provide a seamless end-to-end logistic service coverage.”