Provident Fund Data of 28 Crore Indians Leaked By Hackers, Says Researcher

Provident Fund (PF) information of about 28 crore Indians was discovered to have been leaked by hackers earlier this month. A cybersecurity researcher from Ukraine, Bob Diachenko, made the invention on August 1 and located that particulars resembling Common Account Quantity (UANs), names, marital standing, Aadhaar particulars, gender, and checking account particulars had been uncovered on-line. In line with Diachenko, he discovered two totally different web protocol (IP) addresses internet hosting two clusters of leaked information. Each of those IPs had been hosted on Microsoft’s Azure cloud storage service.

Cybersecurity researcher Bob Diachenko detailed the leak in a post on LinkedIn. On August 2, Diachenko found two separate IP clusters of information that contained indices known as UAN. Upon reviewing the clusters, he discovered that the primary cluster contained 280,472,941 information, whereas the second IP contained 8,390,524 information.

“After fast assessment of the samples (utilizing a easy browser), I used to be positive that I’m taking a look at one thing massive and vital”, Diachenko stated in his submit. Nevertheless, he was not capable of finding who owned the info. Each the IP addresses had been hosted on Microsoft’s Azure platform and had been India-based. He wasn’t in a position to acquire different data through a reverse DNS evaluation.

The Shodan and Censys search engines like google from Diachenko’s SecurityDiscovery agency discovered these clusters on August 1. Nevertheless, it isn’t clear how lengthy the data was accessible on-line. The info might’ve been misused by hackers to realize entry to the PF account. Information resembling title, gender, Aadhaar particulars, may be used to create faux identities and paperwork.

The researcher tagged the Indian Laptop Emergency Response Workforce (CERT-In) in a tweet informing them concerning the leak. The CERT-In replied to his tweet asking him to supply a report of the hack in an e mail. Each IP addresses had been taken down inside 12 hours after his tweet. Diachenko says that since August 3, no firm or company has come ahead to take accountability for the hack