Data Breach of 81.5 crore Indians: Hacker allegedly leaks Aadhaar, Passport, Personal Details on Dark Web

In a recent alarming development, sensitive information belonging to around 81.5 crore Indians has surfaced on the dark web, triggering concerns across the country. This extensive data breach includes the exposure of highly confidential information such as Aadhaar and passport details, names, phone numbers, and both temporary and permanent addresses. While official government confirmation is still pending, a US-based cybersecurity agency, along with security researchers, has provided crucial insights into the gravity of this situation.

The Data Breach’s Origin:

This data breach is reportedly linked to the Indian Council of Medical Research (ICMR), where data from citizens registered for COVID-19 tests was allegedly compromised. The breach is believed to be the work of a threat actor known as “Tanaka.” Notably, hackers have attempted to breach ICMR data multiple times since February. In the past year, more than 6,000 hacking attempts targeted ICMR servers, leading central agencies and the council to take note and request remedial action to avert data leakage.

The Breach and Its Implications:

The breach was brought to public attention by a hacker using the pseudonym ‘pwn0001,’ who disclosed details about the breach on Breach Forums on October 9. This individual claimed to have accessed a staggering 815 million records, equivalent to 81.5 crore, containing a wide array of sensitive personal information. The dataset provided by ‘pwn0001’ includes an extensive list of personal details, including names, passport numbers, Aadhaar information, and much more.

Security researchers at Resecurity’s HUNTER (HUMINT) unit have identified that millions of personally identifiable information (PII) records, including Aadhaar cards, are being offered for sale on the dark web. The severity of this breach is evident when considering the comprehensive nature of the stolen data, raising concerns about potential identity theft and other fraudulent activities.

Proof of the Breach:

To further validate the seriousness of this data breach, ‘pwn0001’ provided proof by sharing spreadsheets containing segments of Aadhaar data. These spreadsheets contained details of 1,00,000 individuals residing in India. Security researchers meticulously verified some of these Aadhaar Card IDs, confirming their authenticity by cross-referencing them through a government website designed for Aadhaar validation.

The data set offered by pwn0001 includes the following information:

  • Name
  • Father's Name
  • Phone Number
  • Other Number
  • Passport Number
  • Aadhaar Number
  • Age
  • Gender
  • Address
  • District
  • Pincode
  • State

The ‘Lucius’ Leak:

Adding to the distress caused by the primary breach, an individual named ‘Lucius’ came forward on August 30, claiming to have a more extensive data leak, totaling a massive 1.8 terabytes. This leak was labeled “India internal law enforcement organization” and was reported to contain an even larger volume of personal information. The leaked data reportedly included Aadhaar IDs, Voter IDs, and driving license records.

Of particular note, security researchers uncovered records labeled “PREPAID,” which suggested a potential connection to companies offering pre-paid SIM cards. Such companies typically collect personal information for customer verification before providing mobile services.

Remediation Steps:

Given the severity of this situation, immediate action is essential to protect personal information and mitigate potential risks. Here are some recommended remediation steps:

  • Regularly Monitor Personal Information: Vigilantly review your financial statements and personal data for any unusual activity or unauthorized changes.
  • Strengthen Online Security: Change passwords and enable Two-Factor Authentication (2FA) for all online accounts to enhance security.
  • Beware of Phishing Attempts: Stay alert for phishing attempts that may exploit this situation. Avoid clicking on suspicious links and refrain from sharing personal information.
  • Check Your Credit Report: Obtain and carefully review your credit report to detect any unauthorized financial activities.
  • Report Suspected Misuse: If you suspect any misuse of your data, promptly report it to relevant authorities and local cybercrime units.

Conclusion:

The massive data breach in India is a matter of great concern, and individuals and organizations alike must take proactive steps to safeguard their personal information. Staying informed, remaining vigilant, and following best practices for online security are crucial in mitigating the potential impact of such data breaches.

Additionally, it is imperative for authorities to thoroughly investigate and address these breaches effectively to prevent future incidents. Staying updated with the latest information and adhering to guidance from trusted sources are essential in protecting your personal information during these challenging times.