Provident Fund (PF) information of about 28 crore Indians was discovered to have been leaked by hackers earlier this month. A cybersecurity researcher from Ukraine, Bob Diachenko, made the invention on August 1 and located that particulars akin to Common Account Quantity (UANs), names, marital standing, Aadhaar particulars, gender, and checking account particulars had been uncovered on-line. In line with Diachenko, he discovered two completely different web protocol (IP) addresses internet hosting two clusters of leaked information. Each of those IPs had been hosted on Microsoft’s Azure cloud storage service.
Cybersecurity researcher Bob Diachenko detailed the leak in aon LinkedIn. On August 2, Diachenko found two separate IP clusters of knowledge that contained indices referred to as UAN. Upon reviewing the clusters, he discovered that the primary cluster contained 280,472,941 information, whereas the second IP contained 8,390,524 information.
“After fast assessment of the samples (utilizing a easy browser), I used to be positive that I’m taking a look at one thing massive and essential”, Diachenko stated in his publish. Nevertheless, he was not capable of finding who owned the info. Each the IP addresses had been hosted on Microsoft’s Azure platform and had been India-based. He wasn’t capable of acquire different info by way of a reverse DNS evaluation.
The Shodan and Censys serps from Diachenko’s SecurityDiscovery agency discovered these clusters on August 1. Nevertheless, it’s not clear how lengthy the data was out there on-line. The information may’ve been misused by hackers to achieve entry to the PF account. Knowledge akin to identify, gender, Aadhaar particulars, is also used to create faux identities and paperwork.
The researcher tagged the Indian Pc Emergency Response Crew (CERT-In) in a tweet informing them concerning the leak. The CERT-In replied to his tweet asking him to supply a report of the hack in an e-mail. Each IP addresses had been taken down inside 12 hours after his tweet. Diachenko says that since August 3, no firm or company has come ahead to take duty for the hack