Provident Fund (PF) knowledge of about 28 crore Indians was discovered to have been leaked by hackers earlier this month. A cybersecurity researcher from Ukraine, Bob Diachenko, made the invention on August 1 and located that particulars corresponding to Common Account Quantity (UANs), names, marital standing, Aadhaar particulars, gender, and checking account particulars have been uncovered on-line. In response to Diachenko, he discovered two completely different web protocol (IP) addresses internet hosting two clusters of leaked knowledge. Each of those IPs have been hosted on Microsoft’s Azure cloud storage service.
Cybersecurity researcher Bob Diachenko detailed the leak in aon LinkedIn. On August 2, Diachenko found two separate IP clusters of information that contained indices known as UAN. Upon reviewing the clusters, he discovered that the primary cluster contained 280,472,941 data, whereas the second IP contained 8,390,524 data.
“After fast evaluate of the samples (utilizing a easy browser), I used to be positive that I’m one thing massive and essential”, Diachenko mentioned in his put up. Nonetheless, he was not capable of finding who owned the information. Each the IP addresses have been hosted on Microsoft’s Azure platform and have been India-based. He wasn’t in a position to acquire different data by way of a reverse DNS evaluation.
The Shodan and Censys search engines like google from Diachenko’s SecurityDiscovery agency discovered these clusters on August 1. Nonetheless, it isn’t clear how lengthy the knowledge was accessible on-line. The information may’ve been misused by hackers to achieve entry to the PF account. Knowledge corresponding to title, gender, Aadhaar particulars, is also used to create faux identities and paperwork.
The researcher tagged the Indian Pc Emergency Response Staff (CERT-In) in ainforming them in regards to the leak. The CERT-In replied to his tweet asking him to offer a report of the hack in an e-mail. Each IP addresses have been taken down inside 12 hours after his tweet. Diachenko says that since August 3, no firm or company has come ahead to take accountability for the hack