Menu Close

Provident Fund Data of 28 Crore Indians Leaked By Hackers, Claims Ukraine Based Researcher

Provident Fund (PF) information of about 28 crore Indians was discovered to have been leaked by hackers earlier this month. A cybersecurity researcher from Ukraine, Bob Diachenko, made the invention on August 1 and located that particulars akin to Universal Account Number (UANs), names, marital standing, (*28*) particulars, gender, and checking account particulars had been uncovered on-line. According to Diachenko, he discovered two completely different web protocol (IP) addresses internet hosting two clusters of leaked information. Both of these IPs had been hosted on Microsoft’s Azure cloud storage service.

Cybersecurity researcher Bob Diachenko detailed the leak in a publish on LinkedIn. On August 2, Diachenko found two separate IP clusters of information that contained indices referred to as UAN. Upon reviewing the clusters, he discovered that the primary cluster contained 280,472,941 data, whereas the second IP contained 8,390,524 data.

“After quick review of the samples (using a simple browser), I was sure that I am looking at something big and important”, Diachenko mentioned in his publish. However, he was not capable of finding who owned the info. Both the IP addresses had been hosted on Microsoft’s Azure platform and had been India-based. He wasn’t in a position to acquire different data through a reverse DNS evaluation.

The Shodan and Censys search engines like google and yahoo from Diachenko’s SecurityDiscovery agency discovered these clusters on August 1. However, it’s not clear how lengthy the knowledge was accessible on-line. The information may’ve been misused by hackers to achieve entry to the PF account. Data akin to identify, gender, (*28*) particulars, is also used to create faux identities and paperwork.

The researcher tagged the Indian Computer Emergency Response Team (CERT-In) in a tweet informing them concerning the leak. The CERT-In replied to his tweet asking him to offer a report of the hack in an e mail. Both IP addresses had been taken down inside 12 hours after his tweet. Diachenko says that since August 3, no firm or company has come ahead to take duty for the hack