[ad_1]
According to Israeli cybersecurity company vpnMentor, 409 GB data of Indian users was leaked. Which included quite sensitive personally identifiable information. The company says that through this leak, information ranging from the user’s bank account to the user account can be hacked. This flaw was exposed on April 23 and was fixed on May 22.
However, till now no evidence has been found that BHIM App itself has leaked the data, or there is something wrong with the UPI system.
How was CSC BHIM data breached?
of vpnMentor Report It has been claimed that the data collected by BHIM was being wrongly stored in Amazon Web Services S3 bucket and it was publicly accessible i.e. anyone could easily access it. This is a common error that many websites encounter while setting up cloud systems.
Sensitive data of millions of Indians was stored in cloud storage without applying any security protocol to their accounts.
Let us tell you, this data was stored in an unsecured Amazon Web Services (AWS) S3 bucket. S3 buckets are a popular form of cloud storage around the world, but they require developers to implement security protocols on their accounts.
What all data was compromised in the CSC BHIM breach?
According to vpnMentor, the following private documents were leaked on S3 bucket-
1. Scan Aadhar Card
2. Scan Caste Certificate
3. Address proof photo
4. Professional Certificates, Degrees and Diplomas
5. Screenshots of banking app for fund transfer etc.
6. Permanent Account Number (PAN) Card
Apart from all this, people’s UPI VPA (Transaction ID) was also leaked.
[ad_2]