From the source, Data breach happens with a mobile payment app called Bharat Interface for Money(BHIM) which has been affected by millions of Data leaked.
This happens when the BHIM fails to secure and store the data which is collected from users and businesses in a sign-up campaign.
On April 23, The researcher team at vpnMentor made a hint for the data related campaign that was publicly accessible after being stored in a misconfigured Amazon Web Services S3 bucket.
This was the serious concern that the large scale of data has been exposed and affected millions of people all over India. The Exposed data may be used for potentially devastating fraud, theft, and attack from the hacker and cybercriminals.
The data all exposed are confidential which BHIM app use to open an account like Aadhaar card(India’s national ID card), Caste Certificates, professional and educational certificates, photos used for the of residence, PAN ( Permanent Account Number) which is associated with income tax services and the screenshots of financial and banking apps as proof of fund transfer.
If we talk about the private personal user data contained within these documents that include names, dates of birth, gender, home address, caste status, religion, biometric details, ID photos, fingerprint scan, and social security services.
In February 2019, around 7 Million records from the dating app and every data belong to the underage 18-year-old.
After investing more, they found vpnMentor’s team found around 409 GB of data stored insecurely in BHIM, which operates via the website www.cscbhim.in. The bucket traces back to BHIM as it was labeled as “csc-bhim”.
As the researcher mentioned, “ many weeks later, we contacted CERT-In a second time”. After that, the breach was closed.
This app is launched in 2016 to facilitate instant e-payments and money transfers between bank accounts via a user’s smartphone. This app is downloaded around 136 million times according to the non-profit business consortium.
[…] happens as usually happened with BHIM payment, this happens when the member of the team left an unencrypted backup of the JRD website on an […]
[…] happens as usually happened with BHIM payment, when the member of the team left an unencrypted backup of the JRD website on an unsecured Amazon […]
[…] they just left a note in “readme_files.txt “ on the server to describe the guide and the payment methods to get the original […]