Sourajeet Majumder

=Sourajeet Majumder=

Sourajeet Majumder (born 24 September 2003) is an Indian Ethical Hacker, Security Researcher and Cyber Expert. Till date Majumder has helped securing multiple Indian Government sites.. , MNCs, Universities besides many other organizations. He is currently one of the youngest Ethical Hacker in India.

Sourajeet first came into the limelight after pointing out a highly critical vulnerability   in the official government website of Ministry of Health & Family Welfare (West Bengal) and since then he has been found actively contributing towards online security    and fighting disinformation  in the the cyber space.

Life
Sourajeet was born and brought up in Siliguri, a small city in West Bengal. From a very early age, he was attracted towards technology and was often found meddling with computers and other electronic gadgets. It was in his early school days that he first came across the word "Hacking" while searching for ways to crack the password of his brother's android device. By using a simple ‘Brute-force’ tool, which was available for free on the Internet, he managed to unlock the device. This incident helped him to dive deep into the field. Soon Majumder realized that he could use his skills for social good. At the age of 16, he bagged his first Bug bounty reward from Tumblr.

1. Leakage Of Covid-19 Test Reports:
In February 2021, Majumder claimed that he had discovered a highly critical vulnerability in the official website of Ministry of Health & Family Welfare (West Bengal) which if exploited could have resulted in the leakage of over 8 Million Covid-19 Test Reports. According to Majumder, after discovering the flaw he quickly communicated with the CERT-IN who acknowledged the breach to Majumder. Sourajeet also claimed that he had reached out to the system coordinator, who manages the website but didn't receive any response from him. However, according to a media report few days after the incident, a government-appointed health official acknowledged the flaw and said it would be fixed immediately. Later reports published by Bleeping Computer and TechCrunch shared that the vulnerability was fixed and could no longer be exploited.

2. Students Data Leaked Online:
In March 2021, Sourajeet claimed that PII data of thousands of Indian students could be easily accessed by a simple Google search technique. According to him this data was getting leaked from multiple websites belonging to educational institutes and from publicly uploaded documents on Scribd. Majumder claims to have discovered the data of many private schools, college and university students which included students' names, parents' names, phone numbers, email addresses and Aadhar card numbers.

Later in July 2021, similar concerns regarding the leakage and sale of Indian students' data was brought up the Internet Freedom Foundation.

3. Alleged Moneycontrol Data Breach:
In April 2021, Majumder tweeted that personal data of over 7 lakh registered users of Moneycontrolwere available on a hacker's forum for just $350. . According to him the leaked data consisted of user emails and plain text passwords besides other details. Majumder further claimed that he was able to verify the login credentials which the hackers had shared as sample. This received a lot of attention and the Chief Technology Officer of Network18 replied to the tweet thread calling it an old data set with which Majumder highly disagreed. A couple of days later it was found that a lot of users received a password change mail from Moneycontrol which Majumder in a press report called "a sneaky way" of asking users to change their passwords, without letting them know about the breach.

Later in the month of May, Troy Hunt appreciated the effortsmade by Majumder in bringing this breach out and added the leaked data set as a part of Have I Been Pwned