Confidential personal and financial data of more than 7 million users of Bharat Interface for Money (BHIM), a government-supported peer-to-peer Unified Payments Interface (UPI) app, has been leaked publicly. The information contained in these documents could easily have been misused by hackers and crackers to build a complete profile of individuals and target them with scams.
According to sources, the data was exposed through an unprotected server, which was discovered and reported to the Indian authorities by researchers at vpnMentor.
As discovered by vpnMentor in April, the unprotected server held 7.26 million user records. It contained a pool of private and personal information, including Aadhaar cards, caste certificates, address proofs, professional certificates, college degrees, Permanent Account Numbers (PANs), and screenshots taken to show successful fund transfers.
Initially, the vpnMentor team tried to alert CSC e-Governance Services by contacting the developer of the CSC BHIM website and the owner of the S3 bucket, but did not receive a response.
After that, multiple reports were reportedly sent to India’s Computer Emergency Response Team (CERT-In), following which the unprotected AWS bucket was declared secured and the data was no longer publicly visible.