Data Breach Exposes Sensitive Information of 81.5 Crore Indians
A recent cybersecurity incident has sent shockwaves across India as reports emerge of a massive data breach affecting an estimated 81.5 crore individuals. The breach, allegedly disclosed by a hacker known as ‘pwn0001,’ has stirred concerns about the exposure of sensitive personal details, including Aadhaar and passport information, names, phone numbers, and both temporary and permanent addresses of millions of Indians.
The US-based cybersecurity agency, Resecurity, uncovered this alarming development after ‘pwn0001’ boasted about the breach on Breach Forums on October 9. The hacker claimed access to a staggering 815 million records, raising significant alarm bells regarding the security of personal information. However, the government has yet to provide official confirmation or details regarding this breach.
Resecurity’s HUNTER (HUMINT) unit further analyzed the situation, confirming the presence of millions of personally identifiable information (PII) records belonging to Indian residents on the Dark Web. The compromised data includes a plethora of sensitive details such as Aadhaar cards, passport numbers, addresses, phone numbers, and more.
What’s particularly unsettling is the contents of the data set shared by ‘pwn0001,’ which encompassed an array of personal information. The leaked data reportedly contained essential details, including names, fathers’ names, phone numbers, multiple identification numbers, passport numbers, Aadhaar details, age, gender, addresses, districts, pin codes, and states.
Resecurity’s investigation into the matter unveiled spreadsheets provided by the hacker, which served as proof of the breach. These spreadsheets contained segments of Aadhaar data, among which Resecurity’s HUNTER team validated the authenticity of certain Aadhaar Card IDs. This validation was conducted through a government website designed to verify the legitimacy of Aadhaar details, solidifying the severity and credibility of the breach.
Another disconcerting revelation comes from an online entity identified as ‘Lucius,’ who claimed, on August 30, to possess a massive 1.8 terabytes of leaked data. Dubbed “India internal law enforcement organization,” this leak allegedly contained a more extensive array of personal information compared to ‘pwn0001’s’ breach. It reportedly included Aadhaar IDs, Voter IDs, driving license records, and even records labeled with the term “PREPAID,” hinting at a potential link to companies offering prepaid SIM cards that collect personal information for customer verification.
The magnitude and sensitivity of this breach raise significant concerns about the security and protection of personal data in India. The potential misuse of such information could lead to various forms of identity theft, financial fraud, and privacy violations, emphasizing the urgent need for robust measures to safeguard citizens’ confidential data.
As the authorities continue their investigations into this alarming breach, the priority remains to enhance data protection protocols and prevent such large-scale security compromises from recurring, ensuring the safety and security of sensitive personal information for all individuals in the digital age.