Around 70 Lakhs Indians Data at Risk, Bhim App users beware, claim of personal data of 70 lakh Indians being breached

WhatsApp Channel Join Now
Telegram Group Join Now
WhatsApp Channel Join Now


Personal data of more than 70 lakh Indians has been leaked on the government website, which includes Aadhaar card, caste certificate and other documents. CSC BHIM website is used to promote UPI payment app BHIM, but there is news that there has been a large scale data breach of this website. CSC e-Governance Service India is a program to provide digital access in rural areas and CSC BHIM project was launched to accept UPI payments through QR codes at the rural level. However, now the news of leakage of data of a large number of Indian citizens has come to light on this site.

According to Israeli cybersecurity company vpnMentor, 409 GB data of Indian users was leaked. Which included quite sensitive personally identifiable information. The company says that through this leak, information ranging from the user’s bank account to the user account can be hacked. This flaw was exposed on April 23 and was fixed on May 22.

However, till now no evidence has been found that BHIM App itself has leaked the data, or there is something wrong with the UPI system.

How was CSC BHIM data breached?

of vpnMentor Report It has been claimed that the data collected by BHIM was being wrongly stored in Amazon Web Services S3 bucket and it was publicly accessible i.e. anyone could easily access it. This is a common error that many websites encounter while setting up cloud systems.

Sensitive data of millions of Indians was stored in cloud storage without applying any security protocol to their accounts.

Let us tell you, this data was stored in an unsecured Amazon Web Services (AWS) S3 bucket. S3 buckets are a popular form of cloud storage around the world, but they require developers to implement security protocols on their accounts.

What all data was compromised in the CSC BHIM breach?

According to vpnMentor, the following private documents were leaked on S3 bucket-

1. Scan Aadhar Card
2. Scan Caste Certificate
3. Address proof photo
4. Professional Certificates, Degrees and Diplomas
5. Screenshots of banking app for fund transfer etc.
6. Permanent Account Number (PAN) Card

Apart from all this, people’s UPI VPA (Transaction ID) was also leaked.

You Can Translate it in Your Language By Exiting Mobile Version
WhatsApp Channel Join Now
Telegram Group Join Now
WhatsApp Channel Join Now

Leave a Comment