BOOM

Trending Searches

    SUPPORT
    BOOM

    Trending News

      • Fact Check 
        • Fast Check
        • Politics
        • Business
        • Entertainment
        • Social
        • Sports
        • World
      • Law
      • Explainers
      • News 
        • All News
      • Decode 
        • Impact
        • Scamcheck
        • Life
        • Voices
      • Media Buddhi 
        • Digital Buddhi
        • Senior Citizens
        • Videos
      • Web Stories
      • BOOM Research
      • BOOM Labs
      • Deepfake Tracker
      • Videos 
        • Facts Neeti
      • Home-icon
        Home
      • About Us-icon
        About Us
      • Authors-icon
        Authors
      • Team-icon
        Team
      • Careers-icon
        Careers
      • Internship-icon
        Internship
      • Contact Us-icon
        Contact Us
      • Methodology-icon
        Methodology
      • Correction Policy-icon
        Correction Policy
      • Non-Partnership Policy-icon
        Non-Partnership Policy
      • Cookie Policy-icon
        Cookie Policy
      • Grievance Redressal-icon
        Grievance Redressal
      • Republishing Guidelines-icon
        Republishing Guidelines
      • Fact Check-icon
        Fact Check
        Fast Check
        Politics
        Business
        Entertainment
        Social
        Sports
        World
      • Law-icon
        Law
      • Explainers-icon
        Explainers
      • News-icon
        News
        All News
      • Decode-icon
        Decode
        Impact
        Scamcheck
        Life
        Voices
      • Media Buddhi-icon
        Media Buddhi
        Digital Buddhi
        Senior Citizens
        Videos
      • Web Stories-icon
        Web Stories
      • BOOM Research-icon
        BOOM Research
      • BOOM Labs-icon
        BOOM Labs
      • Deepfake Tracker-icon
        Deepfake Tracker
      • Videos-icon
        Videos
        Facts Neeti
      Trending Tags
      TRENDING
      • #Operation Sindoor
      • #Pahalgam Terror Attack
      • #Narendra Modi
      • #Rahul Gandhi
      • #Waqf Amendment Bill
      • #Arvind Kejriwal
      • #Deepfake
      • #Artificial Intelligence
      • Home
      • Decode
      • Government Plugs Cloud Security...
      Decode

      Government Plugs Cloud Security Leak That Exposed Data For Over 2 Years

      The problem involved indeterminate sensitive information being exposed through the government's cloud service, S3WaaS.

      By - Hera Rizwan | 8 April 2024 1:31 PM IST
    • Boomlive
      Listen to this Article
      Government Plugs Cloud Security Leak That Exposed Data For Over 2 Years

      The Indian government has plugged a longstanding cybersecurity leak, which exposed vast amounts of citizens' data for over two years, after persistent complaints and follow-ups by an independent security researcher.

      Sourajeet Majumdar, a security researcher who brought the breach to light, told Decode numerous documents containing personal information of citizens, such as Aadhaar numbers, COVID-19 vaccination records, and passport details, were publicly accessible online.

      "I became aware of the breach in 2022, following which I promptly notified the authorities and sought assistance from the Internet Freedom Foundation, " Majumdar told Decode.

      "Throughout the process, although efforts were made to address some breaches, new ones continued to emerge on the open internet."

      It wasn't until last week that the issue was finally resolved in its entirety, Majumdar said.

      Internet Freedom Foundation is an Indian digital rights organisation which works in the domain of strategic litigation, policy engagement and civic literacy.

      Also Read:Why Anti-Spam App Doosra That Fought For Users' Privacy Shut Down

      Government's Cloud Service Found To Be Point Of Leak

      The Indian government's cloud service, known as S3WaaS, was found to be the point of leak. S3WaaS stands for Secure, Scalable and Sugamya Website as a Service. It has been touted as a cloud service which can "generate secure websites using GIGW (Guidelines for Government Websites)".

      The service has been aimed at making websites user friendly, bringing in uniformity and ensuring transparency, accessibility and seamless dissemination of information.

      The vulnerability, initially observed on January 16, 2022, exposed sensitive personal data, which could be readily accessed through a simple Google search. This data included Personally Identifiable Information (PII) such as the beneficiary's name, type of beneficiary, vaccination status, vaccination dose status, mobile number, document type (e.g., Aadhar, voter ID, PAN card, driver's license, passbook, passport, health insurance, service identity card, etc.), document number, age, pincode, state/union territory, district, block, facility, facility category, and registered date.

      These details were accessible because they were indexed by search engines. Additionally, numerous malicious actors also took advantage of the vulnerability and subsequently released the data on various data breach marketplaces.

      The breach turned out to be more extensive than initially expected. The misconfiguration vulnerability on the website enabled access to numerous confidential documents, including some containing sensitive and protected information of Indian citizens.

      According to Majumdar, the volume data leaked was so much that "it was not possible to accurately estimate its true extent". In an email sent to Decode, the security researcher also shared documents which contained masked screenshots of the leaked data.

      Also Read:Influencers Drum Up Publicity For The Government Without Disclaimers

      Are data leaks plaguing India's cybersecurity?

      Initially, Majumdar reported the incident to India’s computer emergency response team, CERT-In, and the National Informatics Centre. CERT-In promptly acknowledged the issue and removed links containing sensitive files from public search engines. However, despite repeated warnings about the data spill, personal information of some individuals continued to be exposed through the Indian government cloud service as recently as last week.

      Recognising the seriousness of the situation and with evidence of ongoing exposures of private data, Majumder sought assistance from TechCrunch, a tech-focused media group, to secure the remaining data. TechCrunch reported some of the exposed data to CERT-In, and Majumder confirmed that those files are no longer publicly accessible.

      The data leak in question contributes to a series of significant leaks that have occurred previously, varying in size from some comparable in scale to others smaller in volume. In fact, India ranked 5th in the list of most breached countries with 5.3 million leaked accounts in 2023.

      In October 2023, Resecurity, an American cyber security company, highlighted how the personally identifiable information of 815 million Indian citizens, including Aadhaar numbers and passport details, were being sold on the dark web.

      Earlier in the same year, there were reports of a suspected leak in the CoWIN portal. A bot on the messaging platform Telegram was said to be disclosing the personal information of Indian citizens. This data purportedly included names, Aadhaar numbers, and passport numbers of individuals who had registered with the COVID-19 vaccine network for vaccination purposes.

      Also Read:BJP Opponents Targeted With Surrogate Ads Worth ₹3.7cr On Facebook In March


      Tags

      Data Leakcyber securityAadhaar
      Read Full Article

      Next Story
      Our website is made possible by displaying online advertisements to our visitors.
      Please consider supporting us by disabling your ad blocker. Please reload after ad blocker is disabled.
      X

      Subscribe to BOOM Newsletters

      👉 No spam, no paywall — but verified insights.

      Please enter a Email Address
      Subscribe for free!

      Stay Ahead of Misinformation!

      Please enter a Email Address
      Subscribe Now🛡️ 100% Privacy Protected | No Spam, Just Facts
      By subscribing, you agree with the Terms & conditions and Privacy Policy connected to the offer

      Thank you for subscribing!

      You’re now part of the BOOM community.

      Or, Subscribe to receive latest news via email
      Subscribed Successfully...
      Copy HTMLHTML is copied!
      There's no data to copy!