Hyderabad: In an alarming alarming development, it has been alleged that the Telangana police app sent personal details of guests living in hotels in Hyderabad to an American blockchain company without any consent via its now-hacked app, TSCOP.
The system was created in 2022 during the tenure of the previous BRS government.
Levelling the allegation of data sharing on X, prominent cyber security expert Srinivas Kodali claimed that the personal details of hotel guests in Hyderabad, including information about their companions, had been shared with an American cryptocurrency firm named Zebichain.
Srinivas on his X handle asked the police: “Why are you collecting details of everyone who checks-in into a hotel in Hyderabad and why are you sending them to a blockchain company - Zebichain?”
He attached two screenshots of repositories which showed a Javascript page where the data of guests was collected. It included the guest name, check-in and check-out date and time details, the ID proof the guest submitted and its number, the vehicle number of the guest, address and photograph.
Mahesh Murthy, a marketer, tweeted a thread with Srinivas’s post and revealed a number of details. In one of his tweets, he said that Zebichain is “a near-defunct crypto company based in California”.
“Zebi USA in their white paper claim that they have a large contract with an Indian state — which I deduce to be Andhra Pradesh — for managing land records. How this data can leave government hands, or even India — I do not know,” he wrote.
Murthy said “There are over 1,100 hotels in Hyderabad — and assuming an average of 25 rooms across each, and an average occupancy of 75%, with an average of 1.5 people per room — that indicates that up to 1 crore names of hotel residents a year have been sent illegally every year to the US (sic).”
The screenshots Srinivas posted showed the repository’s folders, named Courts and Prosecutions, Crime Investigation, CCTV Visitings, Ganesh Pandal, PD Act, Rowdy Sheeter, Dial100, Hawkeye, Important Contacts, Personal Services and other critically serious datasets.
The TSCOP app is widely used by the Telangana police for administrative purposes. It is designed to store and manage data related to public safety and security. However, its recent hack has raised concerns about the app's security measures and the handling of sensitive information.
Srinivas's allegations have sparked widespread concern among the public and privacy advocates. Many are questioning how and why a foreign cryptocurrency company would need access to such detailed personal information. Moreover, the lack of informed consent is a significant legal and ethical issue.
Despite such significant developments in the situation, the Telangana police has not given any official information. Reports said that the police are investigating the initial HawkEye app breach incident, but there is no information from the department’s side about the breaches in the TSCOP app and the Telangana State Police SMS Service access hacking.
Despite the silence from the department, the controversy continues to grow. People and privacy experts are calling for a thorough investigation into the matter. “Serious security breach of citizens. We live in a surveillance state”, a user wrote on X.
