Security researchers have discovered that about 7.26 million records linked to users of mobile payments app BHIM were left exposed to the public by a website. This has leaked personal records of more than 70 lakh users in India. This is stated in a report by israeli cyber security website vpnMentor. However, the National Payments Corporation of India (NPCI) has rejected this claim of data leaks.
Israel's cyber security website, in its report, has said that 409 gigabytes of data leaks include personal information such as Aadhaar card tales, cast certificates, residence proof, bank records and complete profiles of people. The security firm said, according to how the leaked data vpnMentor was examined, the BHIM website was used to sign-up users and business merchants to the app in a campaign.
Some of its related data was placed in a misconfigured Amjon Web Services S3 bucket and was easily available to everyone. According to the report, the S3 bucket had records from February 2019. S3 bucket is a form of cloud storage, but developers have to create security protocols in their accounts. The website has been developed by CSC e-governance services in partnership with the Government of India.
The cyber security firm said in a statement, "the level of leaked data is very high, which can affect millions of people across the country.
This can make hackers and cyber criminals, people victims of fraud, theft and attack. "The volume of leaked sensitive and private data, including UPI ID, document scans, makes this burglary more alarming," said vpnMentor's cyber security resertures Noam Rotem and Rane Loker. He has said that the exposure of Bhim user data is exactly the same as a hacker has got the account information of millions of users with the entire data infrastructure of a bank. The bug was reported in April, which was fixed at the end of last month.
NPCI said, "No data burglary the National Payments Corporation of India (NPCI) has said, "We have received some news reports that talk about data burglary in the Bhim app.
We want to make it clear that there is no data in the Bhim app and will ask everyone to avoid such speculations. NPCI uses a top-class security and integrated approach to protect its infrastructure. The Economic Times has also e-mailed CSC e-governance services India on this news, but no response has yet been received.
For the latest gadget and tech news, and gadget reviews, follow us on Twitter, Reddit and Facebook. For newest tech & gadget videos subscribe to our YouTube Channel.
Israel's cyber security website, in its report, has said that 409 gigabytes of data leaks include personal information such as Aadhaar card tales, cast certificates, residence proof, bank records and complete profiles of people. The security firm said, according to how the leaked data vpnMentor was examined, the BHIM website was used to sign-up users and business merchants to the app in a campaign.
Some of its related data was placed in a misconfigured Amjon Web Services S3 bucket and was easily available to everyone. According to the report, the S3 bucket had records from February 2019. S3 bucket is a form of cloud storage, but developers have to create security protocols in their accounts. The website has been developed by CSC e-governance services in partnership with the Government of India.
The cyber security firm said in a statement, "the level of leaked data is very high, which can affect millions of people across the country.
This can make hackers and cyber criminals, people victims of fraud, theft and attack. "The volume of leaked sensitive and private data, including UPI ID, document scans, makes this burglary more alarming," said vpnMentor's cyber security resertures Noam Rotem and Rane Loker. He has said that the exposure of Bhim user data is exactly the same as a hacker has got the account information of millions of users with the entire data infrastructure of a bank. The bug was reported in April, which was fixed at the end of last month.
NPCI said, "No data burglary the National Payments Corporation of India (NPCI) has said, "We have received some news reports that talk about data burglary in the Bhim app.
We want to make it clear that there is no data in the Bhim app and will ask everyone to avoid such speculations. NPCI uses a top-class security and integrated approach to protect its infrastructure. The Economic Times has also e-mailed CSC e-governance services India on this news, but no response has yet been received.
For the latest gadget and tech news, and gadget reviews, follow us on Twitter, Reddit and Facebook. For newest tech & gadget videos subscribe to our YouTube Channel.
BHIM Data Leak Exposes 7 Million Indian's Data including Aadhaar and UPI : Report
Reviewed by Tech Ugly
on
Monday, June 01, 2020
Rating:
Reviewed by Tech Ugly
on
Monday, June 01, 2020
Rating:
No comments: