Provident Fund data of 28 crore Indians leaked by hackers, says Ukraine-based cybersecurity researcher

In a scary discovery that could have massive implications for Indians, Provident Fund (PF) related data of over 28 crore Indians was found to have been leaked and dumped on the internet earlier this month.

The discovery was made by Ukraine-based cybersecurity researcher Bob Diachenko during a routine sweep of the internet for exposed data. On August 1, Diachenko found that two clusters of data at two different internet protocol (IP) addresses were hosting the leaked data, which included Universal Account Numbers (UANs), names, genders, marital status, Aadhaar details and bank account details of the users.

“After a quick review of the samples, I was convinced that I am looking at something big and important. It was not immediately clear who is the owner of the data. Both IPs were Azure-hosted and India-based. No other information was obtained through reverse DNS analysis as well,” Diachenko said.

Azure is a cloud computing and data storage service by Microsoft. DNS stands for Domain Name System, a naming system that helps experts identify computers that are reachable through the internet. It is often regarded as the 'telephone directory' of the internet.

Diachenko observed that the two pages showed up in searches conducted through Shodan and Censys, advanced search engines that let hackers and cyber experts identify exposed devices and information connected to the internet. While one cluster had 28.04 crore records, the other had 83.90 lakh entries.

“Both Shodan and Censys search engines picked them up on August 1, but it is unknown for how long this information was exposed before search engines indexed them,” Diachenko said.

He immediately tweeted about the exposed data, tagging the Indian Computer Emergency Response Team (CERT-In). Shortly after his tweet, both clusters were taken off the internet.

“I am in touch with the Indian authorities but there has been no comment from them as yet, and no clue as to where it came from,” Diachenko told the Free Press Journal.

Data leaks are always regarded with the utmost seriousness because they open the door to a wide range of cybercrimes. Aside from the obvious possibility of the details being misused to hack into the PF accounts of Indians, authorities are also worried that the personal details in the leaked data could be misused to create bogus identity documents, obtain loans in the names of the exposed people and target them in phishing scams.

The dark web has dedicated forums that serve as illegal marketplaces, where leaked data is sold to the highest bidder. The Free Press Journal reached out to Director General Sanjay Bahl of CERT-In but received no response.