close
Breaking news

A new line of argument has already come to dominate the public sphere: it’...read more The government has gone one step further to detect community spread of the coro...read more The government has issued an order to abolish the six allowances, including the...read more Aarogya Setu application launched by NIC is aimed to track COVID-19 affected pe...read more SEOUL| South Korea’s unemployment rate was unchanged in April as the coronavi...read more Amid the outbreak of Corona pandemic in the country, Indian government has been...read more Prime Minister Narendra Modi in his address to the nation on Tuesday indicated ...read more Corona infection in the country is taking a macabre form. So far, more than 74 ...read more Congress General Secretary Priyanka Gandhi Vadra has written a letter to UP Chi...read more On Tuesday, Prime Minister Narendra Modi announced a package of Rs 20 lakh cror...read more

BHIM Security Breach : 72.6 Lakh Users Data At Risk

BHIM Data Breach

Security researchers said that data from about 72.6 lakh users of mobile payment app BHIM was revealed by a website. The report by the VPN review website vpnMentor stated that the data revealed contained many sensitive information such as name, date of birth, age, gender, home address, caste status and Aadhaar card details etc.

In a blog post on Sunday, security researchers at vpnMentor wrote, “The scale of the data exposed is extraordinary. It can affect millions of people across India. Taking advantage of this, hackers and cybercriminals also address fraud, theft, and attacks.

However, this flaw was overcome when the researchers contacted the Computer Emergency Response Team (CERT-In) of India and informed them twice in a month. After which the violation was closed last month. The BHIM website has been developed by a company called CSC e-Governance Services Limited in partnership with the Government of India.

The researchers said, “In this case, the BHIM data was stored in an unprotected Amazon Web Services (AWS) S3 bucket. The researchers said that the S3 bucket is a popular form of cloud storage worldwide, but to establish security protocols Developers require their account.

He said that “We reached out to the website developers to inform them of the misconfiguration in their S3 buckets and provide their assistance. After not getting a reply, we contacted the Computer Emergency Response Team (CERT-In) of India, the country. In cyber security, “

How BHIM Data is Compromised?

Research led by vpnMentor’s Noam Rotem and Ran Lokar revealed that CSC set up the wrong S3 bucket-linked website to promote BHIM use across the country, and new merchant businesses, such as mechanics, farmers, service providers and Signed up store owners on the app. The exposed data, which was first discovered by security researchers on 23 April, had a volume of 409GB.

The report stated, “It is difficult to say precisely, but the S3 bucket had records from a short period (February 2019). However, within such a short time, more than 70 lakh records were uploaded and exposed.”

Tags: ,

Story Page

Download Our Mobile App