Data from the Provident Fund (PF) of nearly 28 crore Indians was purportedly compromised earlier this month. According to information provided by a Ukrainian cybersecurity expert, the PF data of 28 crore Indians was compromised on August 1. The victims’ names, Aadhaar information, gender, marital status, and bank account information were all included in the PF data that was released.
Bob Diachenko, a cybersecurity researcher, shared details of the incident on LinkedIn. He disclosed that he had discovered two different IPs hosting UAN indices. For those unaware, the UAN, or Universal Account Number, is issued by the Employees’ Provident Fund Organisation (EPFO) and acts as an umbrella for the several member IDs a person accumulates across different employers: all of a user’s member IDs sit under a single UAN. Diachenko gave some essential details about the findings.
Sensitive information, such as the UAN, Aadhaar number, bank account numbers and more, was included in the PF data of 28 crore Indians that was breached earlier this year. On August 2, Diachenko found two different IPs hosting UAN indices. One cluster held 280,472,941 records, while the other held 8,390,524.
Both IPs were located in India and hosted on Microsoft’s Azure cloud. Even with reverse DNS analysis, Diachenko could not trace the exposed data back to whoever was behind the breach, although he did disclose the facts of the exposure.
“Given the size and apparent importance of the data, I chose to tweet about it without mentioning the source or any other relevant information. Both IP addresses were taken down within 12 hours of my tweet and are currently unreachable,” the researcher said. None of the organizations or businesses that could be responsible for the breach has responded to Diachenko.
In his tweet, Diachenko also tagged CERT-In, India’s nodal cybersecurity agency, which asked him to share the details.
“After quickly going over the samples, I was sure I was looking at something substantial. Who owns the data was not readily apparent. Both IPs were situated in India and hosted by Azure. Reverse DNS examination yielded no more information,” Diachenko said.
Azure is Microsoft’s cloud computing and data storage service. DNS, sometimes called the “telephone directory” of the internet, maps domain names to the IP addresses of machines reachable over the internet; a reverse DNS lookup goes the other way, from an IP address to a hostname, which can sometimes hint at who operates a machine.
Diachenko noted that the two IP addresses came up in searches on Shodan and Censys, specialised search engines that let hackers and security professionals find exposed internet-connected devices and data. One cluster contained 28.04 crore records, while the other contained 83.90 lakh.
It is unclear how long the data had been exposed before the search engines indexed it, but both Shodan and Censys were showing the two hosts on August 1.
Data leaks are always treated seriously since they might lead to various cybercrimes. Authorities are concerned that the personal information in the leaked data could be used to create false identity documents, obtain loans in the names of the exposed people, and target them in phishing scams, in addition to the obvious possibility that it could be used to hack into the PF accounts of Indians.