Indian IT giant Infosys says it was hacked by group that leaked CEO's personal data

Infosys CEO Ravi Kumar S had his email and phone number leaked along with what appeared to be his passport details and ID documents, according to screenshots posted by the hacktivist group.<br><br>Hackers said they were able to breach the company's system using an exploit in the software suite Open Authorization (Oauth).<br><br>In a statement, Infosys said it was investigating the breach and that the data posted online appeared to be stolen from its system.<br><br>The company claimed it had isolated and contained the issue.<br><br>"The matter is being investigated, and appropriate and necessary actions are being taken to prevent any potential damage," Infosys said.<br><br>The hacktivist group, which calls itself "Nightmare", claimed it had been able to access various internal systems, including employee databases, project details and employee health records.<br><br>They posted screenshots of a text-based interface that appeared to show the company's internal system, with options to access different databases and tools.<br><br>One of the screenshots showed what appeared to be an employeedatabase, along with names, phone numbers and email addresses of employees.<br><br>The group claimed it had found vulnerabilities in the company's system, including an exploit in the software suite Open Authorization (Oauth).<br><br>Oauth is a standard authorization framework widely used across the internet to allow users to grant applications limited access to their accounts on another service provider's website, without sharing their login credentials.<br><br>"We discovered several vulnerabilities in the Infosys system, including the Oauth exploit, which allowed us to access the system without needing any credentials," the group said.<br><br>"Their security is very poor. We didn't need to use any sophisticated tools or malware to breach their system. We just used the exploit and were able to access everything."<br><br>The group claimed it had accessed various internal systems, including employee databases, project details and employee health records.<br><br><br>Infosys, India's second-largest IT services company, has a market capitalization of around $100 billion.<br><br>It counts several Fortune 500 companies, including IBM, Microsoft and Oracle, among its clients.<br><br>Infosys was founded in 1981 by seven engineers led by N R Narayana Murty.<br><br>It has grown from a small start-up to become one of the world's largest IT services companies.<br><br>"This breach is a wake-up call for Infosys and all other companies to take cybersecurity seriously," said Sivarama Krishnan, a cybersecurity expert.<br><br>"They need to invest more in security and ensure that their systems are secure and protected from such breaches."<br><br>The breach has sparked concerns about the potential impact on Infosys' clients, including several Fortune 500 companies.<br><br>"This breach could have severe consequences for Infosys and its clients," said Mrinal Mukherjee, a cybersecurity expert.<br><br>"If the hackers were able to access sensitive information about Infosys' projects and clients, it could lead to a loss of business for the company and damage its reputation."