Passport information, names, phone numbers, addresses, and Aadhaar numbers are for sale. An inquiry is currently ongoing into a database breach.
According to Business Standard, a report by the American cybersecurity firm Resecurity claims that the personally identifiable information of approximately 815 million Indians, or 81.5 crore individuals, was compromised and published on the dark web.
Data including names, phone numbers, addresses, Aadhaar numbers, and passport information are for sale online, according to the report.
Resecurity stated in a blog post, “A threat actor identifying themselves as ‘pwn0001’ facilitated access to 815 million ‘Indian Citizen Aadhaar & Passport’ records on Breach Forums on October 9th.” India’s population exceeds 1.486 billion individuals.
Additionally, the organization disclosed that investigators from its HUNTER (HUMINT) unit, who made contact with the threat actor, discovered that he or she was interested in selling the complete Aadhaar and Indian passport databases for $80,000.
The Central Bureau of Investigation (CBI) is reportedly conducting an investigation into the intrusion discovered by hacker “pwn0001.”
The data set offered by pwn0001 also contained several fields of PII on Indian citizens, including but not limited to:
- Father’s Name,
- Phone Number,
- Other Number,
- Passport Number,
- Aadhaar Number,
- State, etc.
pwn0001 did not disclose how the data was acquired. Unless the threat actor reveals the origin of the data, any attempt to determine the cause of the breach will be conjectural.
Simultaneously, pwn0001 disseminated spreadsheets comprising four substantial breach samples accompanied by partial Aadhaar data as substantiation. One of the compromised samples comprises one hundred thousand records of PII pertaining to Indian citizens. HUNTER analysts identified authentic Aadhaar Card IDs in this sample leak, which were validated through a government portal featuring a “Verify Aadhaar” function. This functionality enables individuals to verify the legitimacy of Aadhaar credentials.
A threat actor using the alias ‘Lucius’ published a thread on Breach Forums on August 30th, announcing the compromise of a 1.8 terabyte data set belonging to an unidentified “India internal law enforcement organization.”
On September 27th, Lucius made a post on Breach Forums advertising a 70 GB dataset that had been illicitly obtained from the Pakistani military and an associated clandestine entity. According to Lucius, that leak affects a vast number of mobile subscribers, exceeding 450 million individuals.
According to another News18 report, the compromised data may have originated from the database of the Indian Council of Medical Research (ICMR).
Additionally, an intruder on X reported, “India’s Largest Data Breach: Unidentified hackers have compromised the personal information of more than 800 million COVID-19-positive Indians. Name, Father’s name, Phone number, Other number, Passport number, Aadhaar number, and Age are among the compromised details.”
This is not the first such data compromise. The government initiated an inquiry into a data intrusion in early June following allegations that the personal information of vaccinated citizens, including VVIPs, had been leaked from the CoWin website through a Telegram messenger channel.
The government, which has been implementing measures to digitalize the economy and has constructed digital public infrastructure (DPI) using biometric identification numbers (Aadhaar), mobile phone numbers, and bank accounts as the foundation for the transfer of benefits and innovation in the private sector, has been severely shaken by the data breach allegation.
Why is it important?
The results of Resecurity’s study align with a recent vendor survey which identified India as one of the top-five regions for intrusions in the global threat landscape. As of the first half of 2023, India ranked fourth globally in online banking malware detection and fifth globally in all malware detections, according to this survey.
September saw the publication of a separate vendor survey of 200 Indian IT decision-makers that yielded comparable results. According to this report, 45% of Indian enterprises saw disruptive cyberattacks increase by more than 50% in the past year, the highest percentage in the Asia-Pacific region. Additionally, 67% of Indian government and essential services organizations encountered disruptive cyberattacks that increased by more than 50%, according to the report.
Ransomware attacks are the top concern for 57% of IT decision-makers at telecommunications companies. In addition, according to a survey conducted in October, India has the highest incidence of ransomware in southern Asia. This malicious activity also coincides with a period in which India is gaining greater geopolitical and economic influence in the international arena.
The World Bank ranks India as one of the nations with the most rapid economic expansion. India’s middle class, which grew at the highest rate of 6.3% between 1995 and 2021, now comprises more than 30% of the country’s population. The demographic trend resulting in increased domestic earning capacity, smartphone accessibility, and bank penetration renders India a considerably more enticing target for malicious actors.
It follows that Indian PII data would attract a disproportionately high level of attention from the cybercriminal underworld. Regarding threats at the level of nation-states, China has become India’s most formidable regional adversary. Notwithstanding the enduring hostilities with Pakistan, the rivalry between India and its northern neighbor has progressively intensified. The United States Institute for Peace, a think tank, reports that “as the U.S.-China rivalry intensifies, the United States has sought to strengthen its economic and security ties with India.”
The bilateral tensions are exemplified by the notable absence of Indian Prime Minister Narendra Modi from China’s Belt and Road Forum, the third such event that Beijing has organized to promote its ambitious global infrastructure initiative. Regardless of state-sponsored threats, the more imminent peril confronting citizens and residents of India is the widespread lack of awareness regarding the online sale of their personal information. Moreover, the Indian government’s official press agency vehemently defended the security and dependability of Aadhaar data as recently as last month.
The escalation in Aadhaar data intrusions has been significantly ascribed to the ongoing instability in the Middle East as well. Hacktivists have escalated their attacks on online resources, taking advantage of the disorder, and have since generated profits from these breaches through the illicit trade of compromised data on the Dark Web.
In addition to textual information, cybercriminals market scanned identification cards obtained from compromised systems. The risk of identity theft and fraud is increased by these stolen identification cards, particularly in online banking and e-commerce.
About The Author:
Yogesh Naager is a content marketer who specializes in the cybersecurity and B2B space. Besides writing for the News4Hackers blog, he’s also written for brands including CollegeDunia, Utsav Fashion, and NASSCOM. Naager entered the field of content in an unusual way. He began his career as an insurance sales executive, where he developed an interest in simplifying difficult concepts. He also combines this interest with a love of narrative, which makes him a good writer in the cybersecurity field. He also frequently writes for Craw Security.