Provident Fund Data of 28 Crore Indians Leaked By Hackers, Claims Ukraine Based Researcher

The PF data was leaked earlier this month and includes UANs, names, Aadhaar, and bank account details.

Provident Fund Data of 28 Crore Indians Leaked By Hackers, Claims Ukraine Based Researcher

Photo Credit: EPFO

Details such as UANs, names, Aadhaar details, gender, and bank account details were exposed

Highlights
  • Leaked data was hosted on Microsoft’s Azure service
  • The researcher informed CERT-In about the leak
  • The data contained Aadhaar and bank details
Advertisement

Provident Fund (PF) data of about 28 crore Indians was found to have been leaked by hackers earlier this month. A cybersecurity researcher from Ukraine, Bob Diachenko, made the discovery on August 1 and found that details such as Universal Account Number (UANs), names, marital status, Aadhaar details, gender, and bank account details were exposed online. According to Diachenko, he found two different internet protocol (IP) addresses hosting two clusters of leaked data. Both of these IPs were hosted on Microsoft's Azure cloud storage service.

Cybersecurity researcher Bob Diachenko detailed the leak in a post on LinkedIn. On August 2, Diachenko discovered two separate IP clusters of data that contained indices called UAN. Upon reviewing the clusters, he found that the first cluster contained 280,472,941 records, whereas the second IP contained 8,390,524 records.

“After quick review of the samples (using a simple browser), I was sure that I am looking at something big and important”, Diachenko said in his post. However, he was not able to find who owned the data. Both the IP addresses were hosted on Microsoft's Azure platform and were India-based. He wasn't able to obtain other information via a reverse DNS analysis.

The Shodan and Censys search engines from Diachenko's SecurityDiscovery firm found these clusters on August 1. However, it is not clear how long the information was available online. The data could've been misused by hackers to gain access to the PF account. Data such as name, gender, Aadhaar details, could also be used to create fake identities and documents.

The researcher tagged the Indian Computer Emergency Response Team (CERT-In) in a tweet informing them about the leak. The CERT-In replied to his tweet asking him to provide a report of the hack in an email. Both IP addresses were taken down within 12 hours after his tweet. Diachenko says that since August 3, no company or agency has come forward to take responsibility for the hack

Comments

For the latest tech news and reviews, follow Gadgets 360 on X, Facebook, WhatsApp, Threads and Google News. For the latest videos on gadgets and tech, subscribe to our YouTube channel. If you want to know everything about top influencers, follow our in-house Who'sThat360 on Instagram and YouTube.

Siddharth Suvarna
Siddharth Suvarna is the Deputy News Editor at Gadgets 360. He’s been an avid tech junkie for more than two decades now, and started his career as a tech writer almost 12 years ago. He has covered tech news, how-tos, guides, reviews, and almost everything related to gadgets or technology. At Gadgets 360, he can be found tracking news, editing articles, and sometimes sending random tech related memes to his colleagues. You can contact him at siddharths@ndtv.com or use Jason Bourne to hunt ...More
Raksha Bandhan 2022: Best Tech Gift Ideas That Your Sibling Will Love
Facebook Gadgets360 Twitter Share Tweet Snapchat LinkedIn Reddit Comment google-newsGoogle News

Advertisement

Follow Us
© Copyright Red Pixels Ventures Limited 2024. All rights reserved.
Trending Products »
Latest Tech News »