Over 7 million records of BHIM UPI app users were breached, including scans of Aadhaar cards, caste certificates, proof of residence, PAN cards, professional certificates and degrees, according to a report by VpnMentor. The breach included lists of BHIM's merchants and up to 1 million individual users, along with their UPI handles. VpnMentor's research team, led by Noam Rotem and Ran Locar, discovered the breach. According to AP News, Rotem is an Israeli security researcher, who most recently pointed out a breach in an app used by Israel's ruling conservative party. Rotem and Locar work on behalf of VpnMentor, and have exposed multiple security vulnerabilities. The data, totaling to 409 GB, was stored on an misconfigured Amazon Web Services S3 bucket belonging to cscbhim.in and was publicly accessible. The website is developed by CSC e-Governance Services Ltd, along with the Ministry of Electronics and Information Technology (MEITY). VpnMentor discovered the breach on April 23, and it was closed nearly a month later on May 22. The firm first contacted CERT-in, India's nodal agency for cybersecurity threats, on April 28. The firm contacted CSC e-Governance Services on May 5. It contacted CERT-in again on May 22, after which vulnerability was finally closed. The leaked documents contain sensitive personal information. For instance, caste certificates include name, gender, religion, father's name, and taluk. The list of merchants and users linked them with their profession and UPI handles. Apart from address, gender, and father's name, Aadhaar also includes biometrics. BHIM is a UPI payments app developed…
- MediaNama Daily: Fraud vs Fintech March 30, 2023
- RTI: The curious case of ‘no data on insured vehicles’ with India’s Insurance Regulatory Authority March 29, 2023
- Is encryption better than anonymization of data for individual privacy? #NAMA March 29, 2023
- Chhattisgarh’s Online Gambling Law Comes Into Effect: Key Highlights March 29, 2023
- Google loses its appeal against India’s competition regulator’s order in the NCLAT March 29, 2023
MediaNama’s mission is to help build a digital ecosystem which is open, fair, global and competitive.
Amazon announced that it will integrate its logistics network and SmartCommerce services with the Open Network for Digital Commerce (ONDC).
India's smartphone operating system BharOS has received much buzz in the media lately, but does it really merit this attention?
After using the Mapples app as his default navigation app for a week, Sarvesh draws a comparison between Google Maps and Mapples
In the case of the ‘deemed consent' provision in the draft data protection law, brevity comes at the cost of clarity and user protection
The regulatory ambivalence around an instrument so essential to facilitate data exchange – the CM framework – is disconcerting for several reasons.
Please subscribe to MediaNama. Don't share prints and PDFs.
You May Also Like
Google has released a Google Travel Trends Report which states that branded budget hotel search queries grew 179% year over year (YOY) in India, in...
135 job openings in over 60 companies are listed at our free Digital and Mobile Job Board: If you’re looking for a job, or...
Twitter takes down tweets from MP, MLA, editor criticising handling of pandemic upon government request
By Aroon Deep and Aditya Chunduru You’re reading it here first: Twitter has complied with government requests to censor 52 tweets that mostly criticised...
Rajesh Kumar* doesn’t have many enemies in life. But, Uber, for which he drives a cab everyday, is starting to look like one, he...