Provident Fund Data of 28 Crore Indians Leaked By Hackers, Claims Ukraine Based Researcher

Aug 7, 2022
Provident Fund Data of 28 Crore Indians Leaked By Hackers, Claims Ukraine Based Researcher

[ad_1]

Provident Fund (PF) information of about 28 crore Indians was discovered to have been leaked by hackers earlier this month. A cybersecurity researcher from Ukraine, Bob Diachenko, made the invention on August 1 and located that particulars corresponding to Common Account Quantity (UANs), names, marital standing, Aadhaar particulars, gender, and checking account particulars had been uncovered on-line. In accordance with Diachenko, he discovered two totally different web protocol (IP) addresses internet hosting two clusters of leaked information. Each of those IPs had been hosted on Microsoft’s Azure cloud storage service.

Cybersecurity researcher Bob Diachenko detailed the leak in a put up on LinkedIn. On August 2, Diachenko found two separate IP clusters of information that contained indices known as UAN. Upon reviewing the clusters, he discovered that the primary cluster contained 280,472,941 information, whereas the second IP contained 8,390,524 information.

“After fast evaluation of the samples (utilizing a easy browser), I used to be positive that I’m one thing large and necessary”, Diachenko stated in his put up. Nonetheless, he was not capable of finding who owned the information. Each the IP addresses had been hosted on Microsoft’s Azure platform and had been India-based. He wasn’t capable of get hold of different info through a reverse DNS evaluation.

The Shodan and Censys search engines like google from Diachenko’s SecurityDiscovery agency discovered these clusters on August 1. Nonetheless, it’s not clear how lengthy the data was obtainable on-line. The information might’ve been misused by hackers to realize entry to the PF account. Knowledge corresponding to identify, gender, Aadhaar particulars, is also used to create pretend identities and paperwork.

The researcher tagged the Indian Laptop Emergency Response Workforce (CERT-In) in a tweet informing them concerning the leak. The CERT-In replied to his tweet asking him to supply a report of the hack in an e mail. Each IP addresses had been taken down inside 12 hours after his tweet. Diachenko says that since August 3, no firm or company has come ahead to take duty for the hack



[ad_2]