Skip to main content

Biggest Data Theft in India's History

By

An American cybersecurity and intelligence agency, Resecurity, has issued an alert about a potential data breach involving Aadhaar and passport information of over 815 million Indian citizens. The alert, which was posted by a threat actor known as 'pwn0001' on 'Breach Forums' on October 9, 2023, has raised concerns about the security of sensitive personal data for a significant portion of India's population, which stands at just over 1.486 billion people.


Resecurity's report states that "HUNTER investigators established contact with the threat actor and learned they were willing to sell the entire Aadhaar and Indian passport dataset for $80,000." However, it remains unclear how the data was initially leaked on the dark web.

The dataset comprises various fields related to Indian citizens, including names, father's names, phone numbers, passport numbers, Aadhaar numbers, age, gender, addresses, and pincodes.

Additionally, 'pwn0001' shared spreadsheets with fragments of Aadhaar data as proof. One of these samples contained 100,000 records of Personally Identifiable Information (PII) related to Indian residents, with the report confirming that the Aadhaar Card IDs were valid, as verified through the government's "Verify Aadhaar" portal.

Another incident reported in the Resecurity document occurred on August 30, 2023, when a threat actor named 'Lucius' posted a thread on Breach Forums promoting a 1.8 terabyte data leak, which included a database of India's internal law enforcement organization. This dataset featured details such as names, phone numbers, addresses, national ID numbers, and relative names.

The leak by 'Lucius' contained a more extensive array of PII data compared to 'pwn0001.' In addition to Aadhaar IDs, it included Voter IDs and driving license records, as stated in the Resecurity report.

This significant breach of Indian PII data on the 'Dark Web' poses a severe risk of digital identity theft. Cybercriminals targeting India can exploit these stolen credentials to conduct various financially motivated scams, including online banking theft and e-tax refund fraud.

Cyberattacks targeting government platforms have been on the rise in India recently. Earlier this year, the government's Parivahan website suffered a data breach, exposing its source code and sensitive data of 10,000 users. In another incident, the Aadhaar or passport numbers of COVID-vaccinated beneficiaries were being sold via Telegram by a threat actor.

These developments underscore the urgent need for enhanced cybersecurity measures and data protection in India to safeguard the personal information of its citizens.

Comments

  1. Anonymous31 October 2023 at 12:12:00 GMT-5

    Privacy should taken seriously at government level.

    ReplyDelete
  2. Anonymous3 November 2023 at 00:21:00 GMT-5

    The government should be accountable for this

    ReplyDelete

Post a Comment

Popular posts from this blog

Israel Deploying Submarines With Nukes?

By
The Defense Blog, citing reports from journalist Doron Kadosh, affiliated with the Israeli radio network operated by the Israel Defense Forces – Army Radio (also known as Galei Tzahal or Galatz),   reports on the deployment of submarines in the Middle East . Israel’s decision was reportedly dictated by rising tensions with Iran and the presence of Palestinian Hezbollah in Lebanon. Kadosh was to relay that  submarines had been deployed at combat positions  along the coast of the Mediterranean Sea in the Middle East in response to escalating threats from Iran and Hezbollah. The submarines are a vital element of Israel’s combat capabilities. The Defence Blog emphasizes that their deployment in the Middle East “is a clear signal of this country’s commitment to maintaining a strong deterrent stance”. The Israeli Navy currently operates five modern Dolphin I/II class submarines. All were designed and constructed by the German company Howaldtswerke-Deutsche Werft (HDW). Work is ...
Post a Comment
Read more

Elon Musk Declares Support For Gaza

By
Amidst growing concerns regarding the recent internet and communications blackout in the Gaza Strip, a notable development emerged from the technology sector. Elon Musk, the CEO of Tesla and owner of SpaceX, made a significant announcement on October 28th. He disclosed that Starlink, the satellite network operated by SpaceX, would provide assistance to globally recognized aid organizations operating in Gaza. This response was prompted by a heartfelt appeal from Alexandria Ocasio-Cortez, often referred to as AOC, a prominent figure in U.S. leadership. AOC, well-known for her outspoken opinions, raised questions about the rationale behind Israel's decision to cut off internet access in Gaza. In a social media post on X (formerly Twitter), she openly challenged the ethical aspects of this action and expressed profound concerns about the consequences of disconnecting an entire population of 2.2 million people. AOC's message was clear: "Disconnecting an entire population of 2...
1 comment
Read more

Bharat will replace India in NCERT books?

By
  A proposal made by a committee within the National Council of Educational Research and Training (NCERT) to use the term 'Bharat' instead of 'India' in the next series of educational textbooks has reportedly gained unanimous acceptance from its members. The NCERT comprises 25 panels responsible for altering and enhancing the content of NCERT books. It's important to note that this proposal has been approved by a smaller committee within the NCERT but is still pending final approval. The proposal has now been forwarded to the NCERT in Delhi for further evaluation. According to IC Issac, the chairman of the panel, this proposal was initially put forth several months ago and has now received the committee's support. This recommendation from the NCERT panel emerges in the context of an ongoing debate about whether the country should be officially renamed 'Bharat'. This debate was ignited when the Centre issued G20 dinner invitations on behalf of "P...
1 comment
Read more