Biggest data leak: Aadhaar Personal data of 81.5 crore Indians on sale on dark web

Nov 05,2023
2 min read
0
1.03 thousand Views

Although no official response has been issued by the Indian Council of Medical Research (ICMR) or the government, there are reports suggesting that the Central Bureau of Investigation (CBI) may investigate this matter once a formal complaint is lodged by the ICMR.

To put this situation into perspective, the leaked data includes information on more than 81.5 crore Indian citizens, which is approximately ten times the total population of countries like Iran, Turkey, and Germany, ranking as the 17th, 18th, and 19th most populous nations in the world, respectively. It's important to note that India itself holds the title of the world's most populous country, with a population of 1.43 billion people.

The leaked information comprises personal data such as Aadhaar and passport details, as well as names, phone numbers, and addresses. According to the report, this sensitive information appears to have been obtained from Covid-19 test records of individuals registered with the ICMR. This incident is considered one of the largest data breaches in the history of India. A cybersecurity firm based in the United States, Resecurity, has brought attention to this alarming breach. The data sets that are currently for sale on the dark web contain highly confidential details.

What information has been leaked?

In what could be one of the biggest data breaches in Indian history, details of over 81.5 crore Indian citizens are on sale on the dark web, US-based cybersecurity firm Resecurity reported. The data sets on sale contain crucial information such as Aadhaar and passport details, along with names, phone numbers, and addresses, according to the report.

In what is being described as possibly the ‘biggest' case of data leak in the country, personal details of more than 81.5 crore Indians, sourced allegedly from the Indian Council of Medial Research (ICMR), have been leaked online, as per a report.

In this sample leak, the analysts identified valid Aadhaar Card IDs, which were corroborated via a government portal that provides a "Verify Aadhaar" feature. The analysts also managed to connect with the threat actor and learned they were willing to sell the entire Aadhaar and Indian passport dataset for $80,000 (over Rs 66 lakh).

In this breach, analysts have identified valid Aadhaar Card IDs, which were verified through a government portal that offers a "Verify Aadhaar" feature. Furthermore, the analysts managed to establish contact with the threat actor behind the breach and discovered that they were willing to sell the entire dataset, which includes Aadhaar and Indian passport information, for a sum of $80,000 (equivalent to over Rs 66 lakh).

It is worth noting that the threat actor did not disclose the method through which they obtained this data. In a related incident, cybersecurity researchers recently uncovered a breach of the official website of the Ministry of AYUSH in Jharkhand, which exposed over 3.2 lakh patient records on the dark web.