Unprecedented data leak: Hacker exposes 81.5 crore Indians’ personal data on Dark Web
The compromised data consists of a wide range of personal information, including Aadhaar and passport details, names, phone numbers, and both temporary and permanent addresses of millions of Indians.
Highlights
- Sensitive personal data belonging to 81.5 million Indian individuals has been leaked
- The hacker named 'pwn0001,'made the leak known by promoting the stolen data on the Dark Web
- He unveiled the breach on Breach Forums on 09 October 2023
In a staggering data breach incident, the personal information of 815 million Indians, potentially the largest in India's history, has been exposed on the Dark Web. This breach, brought to light by a hacker known as 'pwn0001,' is traced back to the database of the Indian Council of Medical Research (ICMR). The leaked data includes Aadhaar and passport details, names, phone numbers, and addresses. The breach has raised significant concerns about data security and privacy.
Hacker reveals massive data leak
A hacker, going by the name 'pwn0001,' has disclosed a colossal data breach affecting the personal data of 815 million Indian citizens. This revelation marks a major security incident, with sensitive information being offered on the Dark Web. The source of the leak appears to be the Indian Council of Medical Research (ICMR), which had gathered this data during COVID-19 testing.
What's at risk?
The compromised data consists of a wide range of personal information, including Aadhaar and passport details, names, phone numbers, and both temporary and permanent addresses of millions of Indians. It's a substantial breach, affecting a vast portion of India's population.
Investigations & concerns
The breach came to public attention when the American cybersecurity and intelligence agency, Resecurity, made the initial discovery. On 9 October 2023, 'pwn0001' revealed the breach on Breach Forums, offering access to 815 million records, including ‘Indian Citizen Aadhaar & Passport’ data.
To verify the accuracy of the exposed information, some records were cross-checked using the government's ‘Verify Aadhaar’ feature, which confirmed the authenticity of Aadhaar information.
The Computer Emergency Response Team of India (CERT-In) has also alerted ICMR about the breach. The challenge now lies in identifying the exact source of the breach, as the COVID-19 test information is scattered across various government bodies, including the National Informatics Centre (NIC), ICMR, and the Ministry of Health.
Previous incidents highlight concerns
Earlier this year, cybercriminals hacked into the servers of AIIMS (All India Institute of Medical Sciences) and took control of over 1TB of data, demanding a substantial ransom. This forced the hospital to resort to manual record-keeping, causing significant disruptions in an already overcrowded institute.
In a similar incident in December 2022, AIIMS Delhi fell victim to Chinese hackers who demanded a significant sum in cryptocurrency. These previous breaches underscore the pressing need for improved data security and cybersecurity measures across India's institutions.
In conclusion, the massive data breach in India is a stark reminder of the urgent need for enhanced data security and privacy measures. This incident serves as a wake-up call, urging authorities and organisations to prioritise the security of personal information to prevent such large-scale breaches in the future.
