BOOM

Trending Searches

    SUPPORT
    BOOM

    Trending News

      • Fact Check 
        • Fast Check
        • Politics
        • Business
        • Entertainment
        • Social
        • Sports
        • World
      • Law
      • Explainers
      • News 
        • All News
      • Decode 
        • Impact
        • Scamcheck
        • Life
        • Voices
      • Media Buddhi 
        • Digital Buddhi
        • Senior Citizens
        • Videos
      • Web Stories
      • BOOM Research
      • BOOM Labs
      • Deepfake Tracker
      • Videos 
        • Facts Neeti
      • Home-icon
        Home
      • About Us-icon
        About Us
      • Authors-icon
        Authors
      • Team-icon
        Team
      • Careers-icon
        Careers
      • Internship-icon
        Internship
      • Contact Us-icon
        Contact Us
      • Methodology-icon
        Methodology
      • Correction Policy-icon
        Correction Policy
      • Non-Partnership Policy-icon
        Non-Partnership Policy
      • Cookie Policy-icon
        Cookie Policy
      • Grievance Redressal-icon
        Grievance Redressal
      • Republishing Guidelines-icon
        Republishing Guidelines
      • Fact Check-icon
        Fact Check
        Fast Check
        Politics
        Business
        Entertainment
        Social
        Sports
        World
      • Law-icon
        Law
      • Explainers-icon
        Explainers
      • News-icon
        News
        All News
      • Decode-icon
        Decode
        Impact
        Scamcheck
        Life
        Voices
      • Media Buddhi-icon
        Media Buddhi
        Digital Buddhi
        Senior Citizens
        Videos
      • Web Stories-icon
        Web Stories
      • BOOM Research-icon
        BOOM Research
      • BOOM Labs-icon
        BOOM Labs
      • Deepfake Tracker-icon
        Deepfake Tracker
      • Videos-icon
        Videos
        Facts Neeti
      Trending Tags
      TRENDING
      • #Operation Sindoor
      • #Pahalgam Terror Attack
      • #Narendra Modi
      • #Rahul Gandhi
      • #Waqf Amendment Bill
      • #Arvind Kejriwal
      • #Deepfake
      • #Artificial Intelligence
      • Home
      • Decode
      • Data Breach Of 81 Crore Indians:...
      Decode

      Data Breach Of 81 Crore Indians: What Has Been Leaked?

      A US cybersecurity firm found that a threat actor has offered the sale of close to 81.5 crore Aadhaar records of Indian citizens for a price of $80,000.

      By - Hera Rizwan | 31 Oct 2023 4:32 PM IST
    • Boomlive
      Listen to this Article
      Data Breach Of 81 Crore Indians: What Has Been Leaked?

      In a massive data breach, personally identifiable information of 81.5 crore Indians has been up on the dark web for sale, according to a report by US-based cybersecurity firm Resecurity. The stolen data includes Aadhaar and passport details, names, phone numbers, and both temporary and permanent addresses of crores of Indians.

      As reported by Resecurity, on October 9, an individual using the pseudonym "pwn0001" made a post on Breach Forums, a darknet crime forum, where they offered access to a dataset containing 81.5 crore records with information related to "Indian Citizen Aadhaar and Passport." When Resecurity reached out to the hacker, they were open to selling the complete Aadhaar and Indian passport dataset for $80,000 (Rs 66,60,000).

      Decode spoke to two cybersecurity experts who told us what this could mean.

      Also Read:Locked Aadhaar Leaves Assam Residents Without Jobs

      What do we know about the data breach?

      The data set offered by 'pwn0001' includes information such as, name, father's name, phone number, other number, passport number,
Aadhar Number, age, gender, address, district, pin code and state.

      The leaked data sample, currently available freely on Breach Forums, has the details of 1,00,000 people living in India. Resecurity claims to have checked some Aadhaar Card IDs from this piece and found they were real. They checked them on the government website using the 'Verify Aadhaar' feature.

      In another breach, dated August 30, highlighted in the same report, a threat hacker with pseudonym 'Lucius', created a post on Breach Forums to promoting a 1.8 terabyte file that was leaked from an undisclosed "internal law enforcement organization" in India.

      This data set, as per the report, contained "an even more extensive array of PII data than pwn0001's". It contained Voter IDs and driving license records of Indian citizens.

      Also Read:Write Reviews, Earn Money: How Cyberpolice Cracked The Fraud

      What is the source of the leak?

      A News18 report has claimed that the Indian Council of Medical Research (ICMR)’s database was breached. The report also said that the Indian Computer Emergency Response Team (CERT-In) has informed ICMR of the breach and it has to verify it. However, an official confirmation from ICMR is yet to come.

      Speaking to Decode, security researcher Srinivas Kodali alleged that this breach could have more than just one source. "Given the huge number, we can think of a few databases with this scale of data sets. We can rule out electoral data as the leaked data also has details of minors, including 10-year-old's. Even for Covid vaccination, children below 12 were not vaccinated," he said.

      According to Kodali, it could be Aadhaar database, birth and death registration database or passport database. "I am unable to pinpoint any one but it looks like data was a collation of different sets," he said.

      Cybersecurity expert Ritesh Bhatia told Decode that there are ways, like locking biometrics, by which we can safeguard our sensitive information against leak, as now almost every dataset system is linked to biometrics via Aadhaar. "However, whatever damage was supposed to be done, has been done as our data is too vulnerable now."

      Also Read:The 'Laila Rao' Scam That Sold Dreams and Stole Lakhs From Women

      Private data is no more private

      According to Kodali, our system has been created in such a way that now everything is based on Aadhaar as a backbone. "What is scary that it is not very difficult to get hold of somebody else's Aadhaar details, given such massive leaks."

      As Aadhaar is being linked to every system, starting from banks to now property registration, these systems will too inherit Aadhaar-related issues. "Now in many states of India, land digitisation is being carried out, where Aadhaar details are being used and the same problems are arising in property registration," he said.

      The more we share our Aadhaar data, the more it is being traded and will be used by bad actors, he added.

      Bhatia also pointed out, "The Aadhaar-related scams have become so common as now fingerprints are being stolen from government websites. With the recent AePS scams, scammer don't even require OTPs to pull them off."

      Also Read:Scammers Have Found An Easy Way To Clone Fingerprints

      Given the rise in AePS scams, last month, Sourajeet Majumdar, an independent security researcher, helped Decode in unfolding the modus operandi of one such scam in West Bengal. In this case, scammers were stealing fingerprints from digital copies of land deeds found on the official government website, and using it to attack biometric ATMs for draining users’ bank accounts.

      The scammers were exploiting a technical vulnerability of the website which allowed them to download the deed copies in bulk.

      Recently, Moody's Investors Service, a prominent global rating agency, also raised significant concerns regarding India's Aadhaar system, casting doubt on the dependability of biometric technologies.

      Emphasising that ID systems like Aadhaar result in the centralisation of sensitive data within specific organisations and heighten the potential for data breaches, Moody's report advocated for decentralised identity (DID) systems like digital wallets, which leverage blockchain technology to grant users greater control over their personal information and mitigate online fraud risks.

      Also Read:Land Deeds: A New Tool In The Hands Of Scammers Pulling Off AePS Sca Also Read:Why Is Moody's Concerned About Aadhaar In 'Humid' India?


      Tags

      Data PrivacyAadhaarData Leak
      Read Full Article

      Next Story
      Our website is made possible by displaying online advertisements to our visitors.
      Please consider supporting us by disabling your ad blocker. Please reload after ad blocker is disabled.
      X

      Subscribe to BOOM Newsletters

      👉 No spam, no paywall — but verified insights.

      Please enter a Email Address
      Subscribe for free!

      Stay Ahead of Misinformation!

      Please enter a Email Address
      Subscribe Now🛡️ 100% Privacy Protected | No Spam, Just Facts
      By subscribing, you agree with the Terms & conditions and Privacy Policy connected to the offer

      Thank you for subscribing!

      You’re now part of the BOOM community.

      Or, Subscribe to receive latest news via email
      Subscribed Successfully...
      Copy HTMLHTML is copied!
      There's no data to copy!