New Delhi: Sensitive information including Aadhaar and passport details, phone numbers and residential addresses of millions of Indians has emerged on the dark web, India Today reported.
A hacker, who is known by pwn0001, advertised the stolen information on the dark web, bringing to fore perhaps the biggest data breach ever in India.
Though the source of leak has not yet been confirmed, the hacker claimed the data came from the database of the Indian Council of Medical Research (ICMR) collected during COVID-19 testing, according to the report.
Resecurity, an American agency specialising in cybersecurity and intelligence, was the first to discover the data breach..
It was on October 9 that 'pwn0001' revealed details about the leak on Breach Forums, advertising the availability of inputs of 815 records including "Indian Citizen Aadhaar & Passport" data.
The leaked details include 100,000 files with personal details of Indian citizens.
The accuracy of the leaked inputs were confirmed using ‘Verify Aadhaar’ on government’s portal, which authenticated the Aadhaar details.
Meanwhile, the News 18 reported that the Computer Emergency Response Team of India (CERT-In) also alerted ICMR about the breach.
The Covid-19 test inputs have been stored up with various government bodies including the National Informatics Centre (NIC), ICMR, and the Ministry of Health. This makes it hard for pinning down on the exact locale of the breach, according to the report.
The Ministry of Information and Technology or other agencies have not yet responded to the reports of the leak.
In another breach at AIIMS earlier this year, cybercriminals took over the control of more than 1TB of data of the institute, demanding huge ransom.
Subsequently, the hospital tried to keep manual record for 15 days which slowed down regular works there.
In December 2022, Chinese hackers demanded Rs 200 in cryptocurracy after hacking AIIMS Delhi’s data base.