Hundreds of women in Gujarat are paying the price for one hospital’s cybersecurity lapse. Sensitive videos from a Rajkot-based private maternity hospital have made their way to porn sites. It took hackers just minutes to break into the hospital's servers, protected by the world’s most common password, 'Admin123'.
Hackers used this password to breach the hospital’s CCTV system and steal hours of footage of women being examined in the gynaecology ward.
The videos later ended up on porn websites, and the links were shared on Telegram channels, where users were prompted to pay for longer videos.
The matter came to light in February this year, when some of the videos found their way to YouTube.
Videos shared on Telegram
Though a few hackers were arrested that same month, the videos were reportedly still up for sale on Telegram until June.
Now, an investigation has revealed that such a cyberattack was not limited to a single hospital.
The hackers reportedly cracked open firewalls in at least 20 states, including cities like Delhi, Pune, and Mumbai. They accessed CCTV footage from hospitals, schools, offices, shopping malls and even private residences.
And it's not that hacking into these CCTV cameras was easy. Hackers just exploited common, weak passwords.
In fact, most of the hacked CCTV systems reportedly used the same default password as the Rajkot hospital -- 'Admin123'.
According to The Times of India, the criminals obtained nearly 50,000 clips from across the country over a nine-month period in 2024.
Teasers of these videos were uploaded to several YouTube channels, with links circulated on Telegram.
The hackers were reportedly charging anywhere between Rs 700 and Rs 4,000 per video.
Centre's notice to states
And this, despite several notices from the Centre asking state governments to improve cybersecurity.
Last year, the Union government told states to stop buying CCTV cameras from suppliers with a history of data breach.
They also introduced new rules to bolster data protection.
But, when authorities can't be bothered to change the default password, what good are security guidelines?
