#FactCheck-No Evidence India Returned Iranian Oil After Trump-Modi Call
Executive Summary
A claim circulating on social media alleges that India refused to unload crude oil from two Iranian tankers following a call between US President Donald Trump and Prime Minister Narendra Modi, after the US announced fresh restrictions on Iranian oil exports. However, research by the CyberPeace Research Wing found the claim to be misleading. The probe revealed that two supertankers carrying Iranian crude are currently anchored off India’s western and eastern coasts. No credible evidence or reports suggest that India refused to unload the cargo or sent the vessels back.
Claim
A user on X claimed that India returned 2 million barrels of Iranian crude oil after a phone call from Donald Trump. According to the post, India had already paid for the oil and the tanker was en route, but following the call with Narendra Modi, authorities refused to unload the shipment and sent the tanker back to Iran.

Fact Check
No credible national or international media reports were found to support the claim that India refused to accept Iranian oil or returned the tankers. Given the global scrutiny on oil shipments amid tensions in West Asia, any such development would have drawn widespread coverage. According to Reuters, two large crude carriers loaded with Iranian oil reached Indian ports on April 13. The Iran-flagged Felicity arrived near Sikka port in Gujarat, while the Curacao-flagged Jaya reached Paradip port in Odisha. The report noted that this marked the first purchase of Iranian oil by Indian refiners since 2019.

Further, The Times of India reported that Felicity, owned by the National Iranian Tanker Company, anchored off Sikka on April 12 carrying around 2 million barrels of crude loaded from Kharg Island in mid-March. The second tanker, Jaya, also anchored near Paradip around the same time, having departed with a similar volume of crude in late February. While the buyers of these cargoes have not been officially disclosed, Paradip port is primarily used by Indian Oil Corporation, while Sikka port is used by Reliance Industries and Bharat Petroleum Corporation.

Conclusion
The viral claim is false and misleading. Available evidence shows that the Iranian oil tankers are stationed near Indian ports, and there is no confirmation that India refused to unload the cargo or sent the vessels back.
Related Blogs
%20(1).webp)
Disclaimer:
The information is based on claims made by threat actors and does not imply confirmation of the breach, by CyberPeace. CyberPeace includes this detail solely to provide factual transparency and does not condone any unlawful activities. This information is shared only for research purposes and to spread awareness. CyberPeace encourages individuals and organizations to adopt proactive cybersecurity measures to protect against potential threats.
🚨 Data Breach Alert ⚠️:
Recently The Research Wing of CyberPeace and Autobot Infosec have come across a claim on a threat actor’s dark web website alleging a data breach involving 637k+ records from Federal Bank. According to the threat actor’s claim, the data allegedly includes sensitive details such as-
- 🧑Customer Name
- 🆔Customer ID
- 🏠 Customer Address
- 🎂 Date of Birth
- 🔢 Age
- 🚻 Gender
- 📞Mobile Number
- 🪪 PAN Number
- 🚘 Driving License Number
- 🛂 Passport Number
- 🔑 UID Number
- 🗳️ Voter ID Information
The alleged data was initially discovered on a dark web website, where the threat actors allegedly claimed to be offering the breached information for sale. Following their announcement of the breach, a portion of the data was reportedly published on December 27, 2024. A few days later, the full dataset was allegedly released on the same forum.
About the Threat Actor Group:
Bashe, a ransomware group that emerged in 2024, is claimed to have evolved from the LockBit ransomware group, previously operating under the names APT73 and Eraleig. The group employs data encryption combined with extortion tactics, threatening to release sensitive information if ransom demands are unmet. Their operations primarily target critical industries, including technology, healthcare, and finance, demonstrating a strategic focus on high-value sectors.

Breakdown of the Alleged Post by the Threat Actor:
- Target: Allegedly involves Customer’s Data of Federal Bank.
- Data Volume: Claimed breach includes 637,894 records.
- Data Fields: Threat actor claims the data contains sensitive information, including Customer name, Customer ID, Date of Birth, PAN Number, Age, Gender, Father Name, Spouse Name, Driving Licence, Passport Number, UID Number, Voter ID, District, Zip Code, Home Address, Mailing Address, State etc.
Analysis:
The analysis of the alleged data breach highlights the states purportedly most impacted, along with insights into the affected age groups, gender distribution, and other key insights associated with the compromised data. This evaluation aims to provide a clearer understanding of the claimed breach's scope and its potential demographic and geographic impact.
Top States Impacted:
As per the alleged breached data, Tamil Nadu has the highest number of affected customers, accounting for a significant 34.49% of the total breach. Karnataka follows closely with 26.89%, indicating a substantial number of individuals affected in the state. In contrast states such as Uttar Pradesh, Haryana, Delhi, and Rajasthan report minimal impact, with each state having less than 1% of affected customers. Gujarat records 3.70% of the breach, with a sharp drop in affected numbers from other states, highlighting a significant disparity in the extent of the breach across regions.

Impacted Age Range Statistics:
The alleged data breach has predominantly impacted customers in the 31-40 years age group, which constitutes the largest segment at 35.80% of the affected individuals. Following this, the 21-30 years age group also shows significant impact, comprising 27.72% of those affected. The 41-50 years age group accounts for 20.55% of the impacted population, while individuals aged 50 and above represent 12.68%. In contrast, the 0-20 years age group is the least affected, with only 3.24% of customers falling into this category.

Gender Wise Statistics:
The alleged data breach has predominantly impacted male customers, who constitute the majority at 74.05% of the affected individuals. Female customers account for 23.18%, while a smaller segment, categorized as "Others," constitutes 2.77%.

The alleged dataset from the threat actors indicated that a significant portion of customers' personal identification data was compromised. This includes sensitive information such as driving licenses, passport numbers, UID numbers, voter IDs, and PAN numbers.
Significance of the Allegations:
Though the claims have not been independently verified at our end it underscores the rising risks of cyberattacks and data breaches, especially in the financial and banking sectors. If true, the exposure of such sensitive information could lead to financial fraud, identity theft, and severe reputational damage for individuals and organizations alike.
CyberPeace Advisory:
CyberPeace emphasizes the importance of vigilance and proactive measures to address cybersecurity risks:
- Monitor Your Accounts: Keep a close eye on financial and email accounts for any suspicious activity.
- Update Passwords: Change your passwords immediately and enable Multi Factor Authentication(MFA) wherever possible.
- Beware of Phishing Attacks: Threat actors may exploit the leaked data to craft targeted phishing scams. Do not click on unsolicited links or share sensitive details over email or phone.
- For Organizations: Strengthen data protection mechanisms, regularly audit security infrastructure, and respond swiftly to emerging threats.
- Report: For more assistance or to report cyber incidents, visit https://cybercrime.gov.in or contact our helpline team at helpline@cyberpeace.net.
We advise affected parties and the broader public to stay alert and take necessary precautions. CyberPeace remains committed to raising awareness about cybersecurity threats and advocating for better protection mechanisms. We urge all stakeholders to investigate the claims and ensure appropriate steps are taken to protect the impacted data, if the breach is confirmed. Our Research Wing is actively observing the situation and we aim to collaborate with the stakeholders and relevant agencies to mitigate the impact.
Stay Vigilant! Stay CyberPeaceful.

Executive Summary:
In the digital world, people are becoming targets more and more of online scams, which rely on deception. One of the ways the social media is being used for the elections in recent time, is the "BJP - Election Bonus" offer that promises a cash prize of Rs. 5000 or more, through some easy questionnaire. This article provides the details of this swindle and reveals its deceptive tricks as well as gives a set of recommendations on how to protect yourself from such online fraud, especially during the upcoming elections.
False Claim:
The "BJP - Election Bonus" campaign boasts that by taking a few clicks of the mouse, users will get a cash prize. This scheme is nothing but a fake association with the Bharatiya Janata Party (BJP)’s Government and Prime Minister Shri Narendra Modi and therefore, it uses the images and brands of both of them to give the scheme an impression of legitimacy. The imposters are taking advantage of the public's trust for the Government and the widespread desire for remuneration to ensnare the unaware victims, specifically before the upcoming Lok Sabha elections.

The Deceptive Scheme:
- Tempting Social Media Offer: The fraud begins with an attractive link on the social media platforms. The scammers say that the proposal is related to the Bharatiya Janata Party (BJP) with the caption of “The official party has prepared many gifts for their supporters.” accompanied by an image of the Prime Minister Shri Narendra Modi.
- Luring with Money: The offer promises to give Rs.5,000 or more. This is aimed at drawing in people specifically during election campaigns; and people’s desire for financial gain.
- Tricking with Questions: When the link is clicked, the person is brought to the page with the simple questions. The purpose of these questions is to make people feel safe and believe that they have been selected for an actual government’s program.
- The Open-the-Box Trap: Finally, the questions are answered and the last instruction is to open-the-box for the prize. However, this is just a tactic for them to make you curious about the reward.
- Fake Reward and Spreading the Scam: Upon opening the box, the recipient will be greeted with the text of Rs. 5000. However, this is not true; it is just a way to make them share the link on WhatsApp, helping the scammers to reach more victims.
The fraudsters use political party names and the Prime Minister's name to increase the plausibility of it, although there is no real connection. They employ the people's desire for monetary help, and also the time of the elections, making them susceptible to their tricks.
Analytical Breakdown:
- The campaign is a cleverly-created scheme to lure people by misusing the trust they have in the Government. By using BJP's branding and the Prime Minister's photo, fraudsters aim to make their misleading offer look credible. Fake reviews and cash reward are the two main components of the scheme that are intended to lure users into getting involved, and the end result of this is the path of deception.
- Through sharing the link over WhatsApp, users become unaware accomplices that are simply assisting the scammers to reach an even bigger audience and hence their popularity, especially with the elections around the corner.
- On top of this, the time of committing this fraud is very disturbing, as the election is just round the corner. Scammers do this in the context of the political turmoil and the spread of unconfirmed rumors and speculation about the upcoming elections in the same way they did earlier. The fraudsters are using this strategy to take advantage of the political affiliations by linking their scam to the Political party and their Leaderships.
- We have also cross-checked and as of now there is no well established and credible source or any official notification that has confirmed such an offer advertised by the Party.
- Domain Analysis: The campaign is hosted on a third party domain, which is different from the official website, thus creating doubts. Whois information reveals that the domain has been registered not long ago. The domain was registered on 29th march 2024, just a few days back.

- Domain Name: PSURVEY[.]CYOU
- Registry Domain ID: D443702580-CNIC
- Registrar WHOIS Server: whois.hkdns.hk
- Registrar URL: http://www.hkdns.hk
- Updated Date: 2024-03-29T16:18:00.0Z
- Creation Date: 2024-03-29T15:59:17.0Z (Recently Created)
- Registry Expiry Date: 2025-03-29T23:59:59.0Z
- Registrant State/Province: Anhui
- Registrant Country: CN (China)
- Name Server: NORMAN.NS.CLOUDFLARE.COM
- Name Server: PAM.NS.CLOUDFLARE.COM
Note: Cybercriminals used Cloudflare technology to mask the actual IP address of the fraudulent website.
CyberPeace Advisory and Best Practices:
- Be careful and watchful for any offers that seem too good to be true online, particularly during election periods. Exercise caution at a high level when you come across such offers, because they are usually accompanied by dishonest schemes.
- Carefully cross-check the authenticity of every campaign or offer you’re considering before interacting with it. Do not click on suspicious links and do not share private data that can be further used to run the scam.
- If you come across any such suspicious activity or if you feel you have been scammed, report it to the relevant authorities, such as the local police or the cybercrime section. Reporting is one of the most effective instruments to prevent the spread of these misleading schemes and it can support the course of the investigations.
- Educate yourselves and your families on the usual scammers’ tricks, including their election-related strategies. Prompt people to think critically and a good deal of skepticism when they meet online offers and promotions that evoke a possibility to obtain money or rewards easily.
- Ensure that you are always on a high level of alert as you explore the digital field, especially during elections. The authenticity of the information you encounter should always be verified before you act on it or pass it over to someone else.
- In case you have any doubt or worry regarding a certain e-commerce offer or campaign, don’t hesitate to ask for help from reliable sources such as Cybersecurity experts or Government agencies. A consultation with credible sources will assist you in coming up with informed decisions and guarding yourself against being navigated by these schemes.
Conclusion:
The "BJP - Election Bonus" campaign is a real case study of how Internet fraud is becoming more popular day by day, particularly before the elections. Through the awareness of the tactics employed by these scammers and their abuse of the community's trust in the Government and political figures, we can equip ourselves and our communities to avert becoming the victim of such fraudulent schemes. As a team, we can collectively strive for a digital environment free of threats and breaches of security, even in times of high political tension that accompany elections.

Introduction
Meta has announced that E2EE in Instagram direct messages is ending entirely. Every day, billions of people send messages they consider private. A medical update to a family member. A photograph meant for one person. A conversation they would never have in public. For years, end-to-end encryption (E2EE) was the technology that made that privacy possible: the digital equivalent of a sealed envelope that only the sender and receiver could open. After May 8, 2026, this will change.
Understanding the Adoption Gap
Meta pointed to low user adoption as the reason for this change. Few people were using encrypted messaging on Instagram, the company said, so the feature was not worth keeping. That explanation raises some questions. Encryption was never switched on by default. Users had to find it and turn it on themselves. It was not advertised. And it was only available in certain regions to begin with, something Meta noted on its own Help Centre page. Features that require users to actively seek them out tend to get used far less than those that simply work from the start. WhatsApp demonstrates this clearly; encryption has been on by default since 2016, for every user, with no action required. Back in 2019, Mark Zuckerberg spoke publicly about building privacy into Meta’s messaging platforms as a core direction for the company. The current decision shows a different vision for the company.
The Commercial Dimension
Encrypted message content is not accessible for advertising purposes by design. In December 2025, Meta updated its privacy policy to allow interactions with its Meta AI assistant to inform personalized advertising recommendations across its platforms. With encryption removed from Instagram direct messages, the content of those conversations enters a data environment that already serves Meta’s advertising systems. Meta has not made a direct public statement connecting these two decisions, but technology analysts and privacy researchers have noted the commercial implications of making previously inaccessible message content available within that ecosystem.
What This Means for Users
From May 8, 2026, the content of Instagram direct messages will be accessible to Meta’s systems. This includes messages relating to personal matters that users may have previously sent under the assumption of encryption. A related concern is the question of data security. Unencrypted message content stored on platform servers creates a larger surface area of sensitive information that could be exposed in the event of a security breach. As platforms collect and retain greater volumes of personal data, the potential consequences of unauthorised access grow correspondingly.
But, there is an argument on the other side. Law enforcement agencies and child safety organisations have long maintained that end-to-end encryption limits their ability to detect and act on harmful content. Removing encryption does make certain forms of platform-level content moderation technically feasible where they were not before.
India’s Supreme Court: The Warning Nobody Heeded
India’s Supreme Court said it plainly when hearing the case against Meta’s 2021 WhatsApp privacy policy, which forced hundreds of millions of users to accept data sharing with Facebook or lose access entirely. Chief Justice Surya Kant called it “a decent way of committing theft of private information” and asked how ordinary people could meaningfully consent to policies written in language they cannot understand. He made it human with one line: “A poor woman selling fruits on the streets — will she understand the terms of your policy?” The court ordered Meta not to share a single word of user data until the case is resolved. When Meta’s lawyers argued that encryption protects users anyway, the bench pushed back: encryption protects message content, not the metadata surrounding it. Who you talk to, how often, at what time, from where: all of it is still harvested. The Competition Commission’s own advocate summarised the entire arrangement in four words: “We are the products.”
WhatsApp: A Question Worth Asking
Instagram, Messenger, and WhatsApp are three products inside one ecosystem, owned by Meta, serving one business model. Instagram’s encryption is already gone. Is WhatsApp next in line ?
WhatsApp has over 850 million monthly active users in India alone. People do not use it for entertainment, it is how families talk, how businesses run, how essential daily communication happens. It is infrastructure, not an app. Meta acquired it in 2014 promising no ads, no data exploitation. By 2021 that promise was already bending. By 2025 ads appeared in the Status section. Both original co-founders had long since left the company over exactly these concerns. Instagram’s encryption survived until it conflicted with revenue and regulation. WhatsApp’s encryption exists today under the same ownership, the same business model, and the same tightening global regulatory pressure. That is not a reason to panic. It is a reason to pay attention.
Conclusion
Encryption is not permanent. It is a design choice, and like any design choice, it can be undone when priorities shift. After May 8, 2026, Instagram direct messages will no longer be protected the way they once were. For most users, this change will pass unnoticed. But the data those conversations contain will now be accessible in ways it previously was not. What platforms do with user data is rarely announced loudly. Paying attention to the quiet changes matters.
References
- https://help.instagram.com/491565145294150
- https://www.theguardian.com/technology/2026/mar/18/instagram-to-remove-end-to-end-encryption-for-private-messages-in-may
- https://www.androidpolice.com/why-meta-is-getting-rid-of-e2ee/
- https://digitalpolicyalert.org/change/13307
- https://www.skadden.com/insights/publications/2025/06/take-it-down-act
- https://timesofindia.indiatimes.com/india/you-cant-play-with-right-of-privacy-of-citizens-scs-big-warning-to-whatsapp-meta-over-take-it-or-leave-it-policy/articleshow/127878524.cms#
- https://proton.me/blog/instagram-end-to-end-encryption
- https://www.forbes.com/sites/parmyolson/2018/09/26/exclusive-whatsapp-cofounder-brian-acton-gives-the-inside-story-on-deletefacebook-and-why-he-left-850-million-behind/