UANs, Aadhaar and Bank account details allegedly leaked by hackers earlier this month.
About 28 crore consumers’ Provident Fund (PF) data was leaked by hackers in the beginning of August. Bob Diachenko, A cybersecurity researcher from Ukraine, discovered this on August 1. He found that Universal Account Number (UANs), names, marital status, Aadhaar details, gender, and bank account details were released online. He found two clusters of leaked data on two different internet portals. These IPs were hosted on Microsoft's Azure cloud storage service.
Bob Diachenko took to his LinkedIn to post about this leak. He discovered the UAN on two IPs. When he reviewed the clusters he found that the first cluster contained 280,472,941 records, whereas the second IP contained 8,390,524 records.
In his post, the researcher said he immediately was sure that he was looking at something big and important. He was not able to find who owned the data.
Both the IP addresses were hosted on Microsoft's Azure. Both were also Indian based but he wasn't able to obtain other information via a reverse DNS analysis.
On August 1, The Shodan and Censys search engines from Diachenko's Security Discovery firm found these clusters. It is still not clear how long the information was present online. The data could've been misused by hackers to access the PF accounts. The data like name, gender, Aadhaar details, could also be used to create fake identities and documents.
Indian Computer Emergency Response Team (CERT-In) was tagged in a post on Twitter disclosing the leak. In response, CERT-In first requested the report of the hack in an email. Thereafter, within 12 hours after his tweet, both IP addresses were taken down. No company or agency has taken responsibility for the leak yet according to Bob Diachenko.