Never miss a story

Get subscribed to our newsletter


×
The volume of exposed data amounted to 409GB. Pixabay

Security researchers have discovered that about 7.26 million records linked to users of mobile payments app BHIM were left exposed to the public by a website.

The exposed data included sensitive information such as names, dates of birth, age, gender, home address, caste status and Aadhaar card details, among others, said the report from VPN review website vpnMentor.


“The scale of the exposed data is extraordinary, affecting millions of people all over India and exposing them to potentially devastating fraud, theft, and attack from hackers and cybercriminals,” the security researchers from vpnMentor wrote in a blog post on Sunday.

The breach was closed late last month after the researchers contacted India’s Computer Emergency Response Team (CERT-In) twice in a month’s time.

The BHIM website in question was developed by a company called CSC e-Governance Services LTD. in partnership with the Indian government.

“In this case, the data was stored on an unsecured Amazon Web Services (AWS) S3 bucket,” the researchers said, adding that S3 buckets are a popular form of Cloud storage across the world but require developers to set up the security protocols on their accounts.

“We reached out to the website’s developers to notify them of the misconfiguration in their S3 bucket and to offer our assistance. After not receiving a reply, we contacted India’s Computer Emergency Response Team (CERT-In), which deals with cybersecurity in the country,” they added.


Millions of people accross India have been affected by this attack from hackers. Pixabay

It appears CSC established the website connected to the misconfigured S3 bucket to promote BHIM usage across India and sign up new merchant businesses, such as mechanics, farmers, service providers, and store owners onto the app, according to the research led by vpnMentor’s Noam Rotem and Ran Locar.

The volume of exposed data which was first discovered by the security researchers on April 23 amounted to 409GB.

]Also Read: Xiaomi to Unveil Mi Notebook on June 11 in India

“It’s difficult to say precisely, but the S3 bucket seemed to contain records from a short period: February 2019. However, even within such a short timeframe, over 7 million records had been uploaded and exposed,” said the report.

“The exposure of BHIM user data is akin to a hacker gaining access to the entire data infrastructure of a bank, along with millions of its users’ account information,” it added.

Offered by the National Payments Corporation of India (NPCI), the app BHIM, or Bharat Interface for Money, was launched in 2016. (IANS)


Popular

VOA

In this file illustration photo taken Aug. 12, 2021, the Facebook logo is shown on a smartphone in front of a computer screen in Los Angeles

SAN FRANCISCO — Facebook critics pounced Wednesday on a report that the social network plans to rename itself, arguing it may be seeking to distract from recent scandals and controversy.

The report from tech news website The Verge, which Facebook refused to confirm, said the embattled company was aiming to show its ambition to be more than a social media site.

Keep Reading Show less
VOA

Surgeons attached a pig kidney to a pair of large blood vessels outside the body of a deceased recipient so they could observe it for two days, and the kidney did what it was supposed to do.

Scientists temporarily attached a pig's kidney to a human body and watched it begin to work, a small step in the decades-long quest to one day use animal organs for lifesaving transplants.

Pigs have been the most recent research focus to address the organ shortage, but among the hurdles: A sugar in pig cells, foreign to the human body, causes immediate organ rejection. The kidney for this experiment came from a gene-edited animal, engineered to eliminate that sugar and avoid an immune system attack.

Keep Reading Show less
Photo by Wikimedia Commons

Killer Smog in Delhi.

Developed by the Indian Institute of Tropical Meteorology (IITM), Pune, a Decision Support System (DSS) that extends the ability of the existing air quality early warning system (AQEWS) to have decision-making capability for air quality management in Delhi-NCR was launched on Tuesday.

The website for the DSS (https://ews.tropmet.res.in/dss/) is designed to help the Commission for Air Quality Management for NCR and Adjoining Areas (CAQM) by delivering quantitative information about the contribution of emissions from Delhi and its 19 surrounding districts; the contribution of emissions from eight different sectors in Delhi; and the contribution from biomass-burning activities in the neighbouring states.

These information would assist in managing the air quality in a timely manner, a release from the Ministry of Earth Sciences said.

The need was stated by the CAQM, which was formed by the Ministry of Environment, Forest and Climate Change, during a meeting held in January 2021.

Recently, the Commission reviewed the progress made by IITM and had in principle approved the current version of DSS for air quality management in the Delhi-NCR. The IITM has also developed a new website for DSS with the entire system made operational, the release said.

Union Minister of State for Earth Sciences, Jitendra Singh, while launching the website for AQEWS on the occasion of 'Azadi Ka Amrit Mahotsav' week organised by the Ministry of Earth Sciences, said, "DSS is a significant contribution to 'Azadi Ka Amrit Mahotsav' on behalf of MoES and IITM and suggestions are invited on this issue."

The website also has a feature whereby the users can create their own emission reduction scenarios (from 20 different districts, including Delhi) so as to examine the possible projected improvement in air quality in Delhi for the next five days.

"This information would explicitly highlight the most important emission sources responsible for the degradation of air quality in Delhi and suggest possible solutions to ameliorate the same. With a plethora of quantitative data, the AQEWS integrated with DSS could become a user-friendly tool for air-quality management in and around Delhi," the release said. (IANS/JB)

Keywords: Delhi, India, Pollution, IITM, Ministry of Earth Sciences