More on News
PM Modi Discusses Role of Technology in Agriculture, Education, and Health with Bill Gates
-
Team Eela
Hackers leak Provident Fund data of 28 crore Indians, claims cybersecurity researcher
Volodymyr “Bob” Diachenko, a Ukrainian cybersecurity researcher, has made some startling revelations concerning the Indian working class. According to his research, hackers have leaked Provident Fund (PF) data of 28 crore Indians online.
Volodymyr “Bob” Diachenko disclosed hackers exposed details such as Universal Account Number (UAN), names, marital status, Aadhaar, gender, and bank account information on August 1, 2022. The researcher made the claims detailing the breach in a blog post on LinkedIn Pulse.
“On August 2, 2022, an internal report caught my attention. Our systems identified 2 (two) separate IPs with passwordless Elasticsearch clusters containing indices called “UAN.” After a quick review of the samples (using a simple browser), I was sure I was looking at something big and important. UAN stands for Universal Account Number, and this is an important part of the Indian government registry. UAN is allotted by the Employees’ Fund Organization (EPFO). First IP with Elasticsearch cluster contained 280,472,941 records. Second IP contained 8,390,524 records,” Diachenko wrote.
Diachenko also revealed that both the IP addresses were India-based and hosted on the Azure platform, a cloud computing and data storage service by tech giant Microsoft.
“It was not immediately clear who the data owner is. Both IPs were Azure-hosted and India-based. No other information was obtained through reverse DNS analysis as well. Shodan and Censys search engines picked them up on August 1, but it is unknown for how long this information was exposed before search engines indexed them,” he wrote.
According to Free Press Journal, Diachenko is constantly in touch with the Indian authorities related to the matter.
