A report by US-based cybersecurity firm Resecurity has claimed that personal identifiable information of about 815 million which is 81.5 crore Indians has been leaked on the dark web, as reported by Business Standard. As per the report, data including names, phone numbers, addresses, Aadhaar, passport information are for sale online.
Resecurity in a blogpost wrote, “On 9 October, a threat actor going by the name ‘pwn0001’ posted a thread on Breach Forums brokering access to 815 million “Indian Citizen Aadhaar & Passport” records.” Notably, India’s entire population is over 1.486 billion people.”
The company also added that its HUNTER (HUMINT) unit investigators who established contact with the threat actor, learned that they were willing to sell entire Aadhaar and Indian passport database for $80,000.
As per media reports, Central Bureau of Investigation (CBI) is currently investigating the breach that was discovered by hacker “pwn0001″. Another report by News18 state that the compromised data might be from the Indian Council of Medical Research (ICMR) database.
A hacker on X has also informed, “India Biggest Data Breach Unknown hackers have leaked the personal data of over 800 million Indians Of COVID 19. The leaked data includes: Name, Father’s name, Phone number, Other number, Passport number, Aadhaar number and Age”
⚠️ India Biggest Data Breach
Unknown hackers have leaked the personal data of over 800 million Indians Of COVID 19.
The leaked data includes:
— Shivam Kumar Singh (@MrRajputHacker) October 30, 2023
Meanwhile, this is not the first time data was breached. Earlier in June, the government had launched an investigation into a data breach after personal data of vaccinated citizens, including VVIPs, from the CoWin website was allegedly leaked via a Telegram messenger channel. The data breach claim has come as a major jolt to the government, which has been taking steps to digitize the economy and has built digital public infrastructure (DPI) based on the biometric identification number Aadhaar, individuals’ mobile numbers, and bank accounts as the backbone for the transfer of benefits and innovation in the private sector.
Aadhaar Data Leak – Personal Information of 81 Crore Indians on Dark Web. Top 7 Things to Know:
1. Resecurity’s report revealed that personal data of approximately 81.5 crore Indians has been exposed on the dark web.
2. The leaked information includes names, phone numbers, addresses, Aadhaar, and passport details of Aadhaar registered users, which are available for sale online.
3. A threat actor known as ‘pwn0001’ offered access to Aadhaar and passport records of 81.5 crore Indian citizens on Breach Forums on October 9.
4. Resecurity’s investigators found that this threat actor was willing to sell the entire Aadhaar and Indian passport database on hand for $80,000.
5. The Central Bureau of Investigation (CBI) is currently probing the breach.
6. There are suspicions that the compromised data may originate from the Indian Council of Medical Research (ICMR) database, as per reports.
7. Another hacker in June 2023 disclosed the leak of personal data, including names, phone numbers, passport numbers, and Aadhaar numbers of over 80 crore Indians, which includes COVID-19-related information.
Investigation was launched in June for the CoWIN vaccine data breach due to the alleged leakage, including VVIPs data via a Telegram messenger channel from the CoWin website.
Earlier in April, hacking group ‘Hacktivist Indonesia’ has circulated a list of 12,000 websites which they want to target. They announced plans to attack thousands Indian government websites in the near future. According to an alert shared by the Home Ministry, this group has previously been linked to cyber attacks in Sweden, Israel and the US.