Provident Fund (PF) data of around 28 crore Indians was found to have been spilled by hackers recently. A cybersecurity scientist from Ukraine, Bob Diachenko, made the revelation on August 1 and found that details, for example, Universal Account Number (UANs), names, marital status, Aadhaar details, gender, and bank balance details were uncovered on the web. As indicated by Diachenko, he found two different IP addresses facilitating two groups of spilled data. Both of these IPs were facilitated on Microsoft’s Azure cloud storage service.
Cybersecurity scientist Bob Diachenko point by point the break in a post on LinkedIn. On August 2, Diachenko found two separate IP groups of data that contained files called UAN. After exploring the groups, he found that the principal bunch contained 280,472,941 records, while the subsequent IP contained 8,390,524 records.
“After speedy review of the samples (using a simple browser), I was certain that I am taking a gander at something big and important”, Diachenko said in his post. Nonetheless, he couldn’t find who claimed the data. Both the IP addresses were facilitated on Microsoft’s Azure platform and were India-based. He couldn’t get other data through an reverse DNS analysis.
The Shodan and Censys search engine from Diachenko’s Security Discovery firm tracked down these groups on August 1. Be that as it may, it isn’t clear the way in which long the data was accessible on the web. The data might have been abused by hackers to get access to the PF account. Data, for example, name, orientation, Aadhaar subtleties, could likewise be utilized to make fake personalities and reports.
The researcher tagged the Indian Computer Emergency Response Team (CERT-In) in a tweet illuminating them about the leak. The CERT-In answered to his tweet requesting that he give a report of the hack in an email. Both IP addresses were required down in no less than 12 hours after his tweet. Diachenko expresses that since August 3, no organization or company has approached to get a responsibility of the hack
