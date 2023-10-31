Unknown hackers on the dark web have access to the personal data of 81.5 crore Indians, as per a report by a US-based cybersecurity agency. This personal data includes Aadhaar details, passport information, phone numbers, addresses, and pin codes. Additionally, a user on X (formerly Twitter) reported that COVID-19 data has also been leaked.

Detailing the data breach, the report by Resecurity cybersecurity agency, mentions a hacker with the alias ‘pwn0001′ who posted on the dark web platform Breach Forums, that he has access to Indians’ Aadhaar and Passpoort database for 2023.

The hacker revealed that the data wasn’t sold anywhere before and was the ‘latest private data’. This included name, father’s name, phone number, secondary number, Passport number, Aadhar number, age, gender, address, district, pin codes, state, and town.

When the cybersecurity agency’s HUNTER (HUMNIT) unit contacted the hacker, he was ready to sell the data for $80,000. The hacker mentioned that the data was sized 90GB and was of the month of September 2023.

The hacker also shared spreadsheets containing four large leak samples of Aadhaar as proof. HUNTER verified the legitimacy of the Aadhaar information via a government portal.

Unfortunately, the hacker pwn0001 declined to reveal how he obtained the information.

Back in August, another user from Breach Forums with alias ‘Lucius’ posted that he has India’s internal law enforcement organization database. The post mentioned that the user had access to a photo ID proof number, person name, relative name, national ID number, and other information.

The agency analyzed and found a mention of the word PREPAID. This could possibly mean that the data of a telecommunication carrier that offers pre-paid SIMs might (with the KYC method) have also been leaked. The data leak was 1.8TB and it was up for sale at $4,000.

Why should you worry?

This type of data breach can have numerous repercussions. Those who have access to such personal data can blackmail any individual or entity, commit money fraud, impersonate someone, and the list goes on.

It is concerning how this information was collected and how it may be processed. As an individual, we can’t do anything now that the damage appears to be done. But the government can probe into the issue and offer a statement on the same.

In the meantime, it’s essential for everyone to beware of scams happening online. Recently, in an Aadhaar-bank fraud, fraudsters managed to withdraw money by impersonating bank account holders. You can read the story here and take immediate action to safeguard yourself.