In a significant cybersecurity incident, a report from US-based cybersecurity firm Resecurity reveals a massive data breach exposing the personal information of approximately 81.5 crore Indians on the dark web. The compromised data includes names, phone numbers, addresses, Aadhaar, and passport information, all reportedly available for sale online.
According to Resecurity’s blog post, a threat actor known as ‘pwn0001’ posted on Breach Forums, offering access to 815 million “Indian Citizen Aadhaar & Passport” records on October 9. The company’s HUNTER (HUMINT) unit investigators engaged with the threat actor and discovered that the entire Aadhaar and Indian passport database was being offered for sale at $80,000.
India’s Central Bureau of Investigation (CBI) is actively investigating the breach, which was initially flagged by the hacker ‘pwn0001.’ Reports suggest that the compromised data may be sourced from the Indian Council of Medical Research (ICMR) database.
A hacker on an undisclosed platform provided additional details, stating, “India Biggest Data Breach Unknown hackers have leaked the personal data of over 800 million Indians Of COVID 19. The leaked data includes: Name, Father’s name, Phone number, Other number, Passport number, Aadhaar number, Age.”
This incident comes as a major setback for the Indian government’s efforts to digitize the economy and establish a digital public infrastructure (DPI) based on Aadhaar, mobile numbers, and bank accounts. The government has been actively promoting these identifiers as the backbone for secure benefit transfers and fostering innovation in the private sector.
Notably, this is not the first instance of data breaches in India. In June, the government launched an investigation into a data breach involving the CoWin website, where personal data of vaccinated citizens, including VVIPs, was allegedly leaked via a Telegram messenger channel.
The Aadhaar data breach raises concerns about the security of sensitive personal information and highlights the challenges in safeguarding digital infrastructure amidst the ongoing efforts to advance technological integration in the country.