Table of Contents
This Post Is Recently Updated on Oct 31, 2023 @ 22:36 pm by TBB Desk
1. Exposure of Aadhaar Information: Dark Web Sales Uncovered
A recent report by Resecurity, an American cybersecurity firm, has disclosed a substantial data breach involving Aadhaar data. More than 81 crore Indians have had their personal information leaked and subsequently sold on the dark web. The leaked data includes Aadhaar and passport details such as names, phone numbers, and addresses. Suspicions have been raised regarding a potential breach of the Indian Council of Medical Research (ICMR) database, pointing to the severity and extent of this privacy violation.
2. Detailed Insights from Resecurity’s Investigation
In early October, Resecurity’s HUNTER (HUMINT) unit discovered millions of records containing personally identifiable information on the dark web. This extensive dataset included Aadhaar cards belonging to Indian citizens. The cybersecurity firm revealed that a threat actor, going by the pseudonym ‘pwn0001’, had claimed access to Aadhaar and passport records of 815 million Indians, posting evidence on breach forums. Upon contact, ‘pwn0001’ expressed willingness to sell the entire dataset for $80,000, showcasing the alarming availability of such sensitive information.
3. The Nature of the Data Being Sold
The hacker ‘pwn0001′ was found to be trading various datasets of Indian citizens, encompassing a range of personal details. These datasets included names, fathers’ names, phone numbers, alternative contact numbers, passport numbers, Aadhaar numbers, age, gender, addresses, districts, PIN codes, and states. While these were the details identified, the report suggests that the datasets could potentially contain even more personal information. The analysts at HUNTER found proof of Aadhaar data in four spreadsheets related to a government portal’s ‘Verify Aadhaar’ feature, confirming the validity of the information being sold. This incident highlights the critical need for stringent cybersecurity measures to protect citizens’ personal information from unauthorized access and sale.
