Member
- Joined
- Oct 14, 2023
- Messages
- 225
- Thread Author
- #1
The Center for Internet and Society (CIS) has warned that AADHAAR numbers, which are assigned to citizens of the country by the UIDAI (Unique Identification Authority of India) system, have been leaked from the state database. This database is considered the largest biometric database in the world, as it contains data from more than a billion people. Identification is carried out on the basis of personal data, fingerprints and photos of the iris.
According to the Center for the Study of the Internet and Society, the leak did not occur as a result of an attack or due to the presence of any vulnerability in the system. The blame for the incident lies with the government departments that manage and work with this huge array of data. In particular, the report mentions the National Social Assistance Program, the National Rural Employment Guarantee Scheme, a similar regional program known as Chandranna Bima, as well as the Daily Online Payment Reports under NREGA portal, which is supported by the National Informatics Center.
AADHAAR codes are unique identification numbers consisting of 12 digits in the format XXXX-XXXX-XXXX. This ID not only stores all the data, including biometric parameters, but you can also use this ID to find out almost everything about a person: information about your place of residence, bank accounts, phone numbers, and so on. Currently, AADHAAR codes are used everywhere in India: for receiving government subsidies, as an identity card, for identification in the workplace, they are used in the national payment system, as well as in everyday life, for example, when buying SIM cards or when voting in elections.
CIS experts have warned that the" efforts " of various agencies over the past few months have leaked the data of more than 135 million people to the Internet, and the information is easily found even on Twitter via the hashtag #AadhaarLeaks. And since the victims ' personal data can be correlated with their AADHAAR codes, attackers have a great opportunity to recreate part of the government database and start constructing very convincing fake identities. CIS experts believe that mass cases of financial fraud should be expected first of all after such a leak. Experts also believe that the government should more closely monitor the use of UIDAI and the transfer of citizens data to third parties.
***
Resecurity reports on the leak of highly confidential personal information of more than 800 million residents of India, which is being implemented on the darknet for $ 80,000.
If the leak is confirmed, the breach will be the largest in the country's modern history and will affect more than half of its population.
The first mentions in the cyber underground of millions of lines of personal information of Indian citizens, including those associated with Aadhaar, came to the attention of researchers in early October.
Aadhaar is one of the world's largest biometric identification systems, which has produced about 1.4 billion cards with biometric information (fingerprints, iris scans) for all residents of the country since 2009.
The Aadhaar card contains a unique 12-digit individual identification number and acts as a digital identity identifier, and can also be used for making electronic payments.
In addition, 60% of India's 945 million voters use it to participate in elections. Aadhaars also provides electronic filing of tax returns, payment of bills and management of financial assets, as well as access to subsidies and pension payments.
In addition, the leaked data also included information from COVID-19 tests of citizens registered with the Indian Council of Medical Research (ICMR).
And, as reported by The Hindu, since February, ICMR has been subjected to numerous cyber attacks. In June, hackers launched a service in Telegram with a breakdown of records from the database of the CoWIN vaccination portal.
Then the Indian government denied the leak reports.
However, they also ignore the results of the Resecurity study, according to which on October 9, seller pwn0001 on Breach Forums announced the sale of 815 million records of "Indian Citizen Aadhaar & Passport". In a private correspondence, he shared proofs that turned out to be legitimate data.
Earlier on August 30, Lucius at the same site announced a 1.8 TB leak that affected an unnamed internal law enforcement structure in India. The database contained an even more extensive PII data set than the pwn0001 set.
As Resecurity summarizes, the surge in incidents creates a significant risk*of digital identity theft with the potential to use stolen information in various attacks, primarily targeting citizens ' financial assets, while the Indian authorities look at everything through rose-colored glasses.
According to the Center for the Study of the Internet and Society, the leak did not occur as a result of an attack or due to the presence of any vulnerability in the system. The blame for the incident lies with the government departments that manage and work with this huge array of data. In particular, the report mentions the National Social Assistance Program, the National Rural Employment Guarantee Scheme, a similar regional program known as Chandranna Bima, as well as the Daily Online Payment Reports under NREGA portal, which is supported by the National Informatics Center.
AADHAAR codes are unique identification numbers consisting of 12 digits in the format XXXX-XXXX-XXXX. This ID not only stores all the data, including biometric parameters, but you can also use this ID to find out almost everything about a person: information about your place of residence, bank accounts, phone numbers, and so on. Currently, AADHAAR codes are used everywhere in India: for receiving government subsidies, as an identity card, for identification in the workplace, they are used in the national payment system, as well as in everyday life, for example, when buying SIM cards or when voting in elections.
CIS experts have warned that the" efforts " of various agencies over the past few months have leaked the data of more than 135 million people to the Internet, and the information is easily found even on Twitter via the hashtag #AadhaarLeaks. And since the victims ' personal data can be correlated with their AADHAAR codes, attackers have a great opportunity to recreate part of the government database and start constructing very convincing fake identities. CIS experts believe that mass cases of financial fraud should be expected first of all after such a leak. Experts also believe that the government should more closely monitor the use of UIDAI and the transfer of citizens data to third parties.
***
Resecurity reports on the leak of highly confidential personal information of more than 800 million residents of India, which is being implemented on the darknet for $ 80,000.
If the leak is confirmed, the breach will be the largest in the country's modern history and will affect more than half of its population.
The first mentions in the cyber underground of millions of lines of personal information of Indian citizens, including those associated with Aadhaar, came to the attention of researchers in early October.
Aadhaar is one of the world's largest biometric identification systems, which has produced about 1.4 billion cards with biometric information (fingerprints, iris scans) for all residents of the country since 2009.
The Aadhaar card contains a unique 12-digit individual identification number and acts as a digital identity identifier, and can also be used for making electronic payments.
In addition, 60% of India's 945 million voters use it to participate in elections. Aadhaars also provides electronic filing of tax returns, payment of bills and management of financial assets, as well as access to subsidies and pension payments.
In addition, the leaked data also included information from COVID-19 tests of citizens registered with the Indian Council of Medical Research (ICMR).
And, as reported by The Hindu, since February, ICMR has been subjected to numerous cyber attacks. In June, hackers launched a service in Telegram with a breakdown of records from the database of the CoWIN vaccination portal.
Then the Indian government denied the leak reports.
However, they also ignore the results of the Resecurity study, according to which on October 9, seller pwn0001 on Breach Forums announced the sale of 815 million records of "Indian Citizen Aadhaar & Passport". In a private correspondence, he shared proofs that turned out to be legitimate data.
Earlier on August 30, Lucius at the same site announced a 1.8 TB leak that affected an unnamed internal law enforcement structure in India. The database contained an even more extensive PII data set than the pwn0001 set.
As Resecurity summarizes, the surge in incidents creates a significant risk*of digital identity theft with the potential to use stolen information in various attacks, primarily targeting citizens ' financial assets, while the Indian authorities look at everything through rose-colored glasses.