According to Israeli cybersecurity company vpnMentor, 409 GB of Indian users' data was leaked, including highly sensitive personally identifiable information. The company says that, using this leak, everything from a user's bank account to their user account can be hacked. The flaw was revealed on 23 April and fixed on 22 May.
However, so far there is no evidence that the BHIM app itself leaked the data, or that there is anything wrong with the UPI system.
How was CSC BHIM data breached?
The vpnMentor report claims that the data collected by BHIM was being wrongly stored in an Amazon Web Services S3 bucket and was publicly accessible, i.e. anyone could easily access it. This is a common error that occurs when many websites are setting up a cloud system.
Sensitive data of millions of Indians was stored in cloud storage without any security protocols on their accounts.
This data was stored in an unsecured Amazon Web Services (AWS) S3 bucket. S3 buckets are a popular form of cloud storage around the world, but they require developers to set up security protocols on their accounts.
What all data was compromised in the CSC BHIM breach?
According to vpnMentor, the following private documents were exposed in the S3 bucket:
1. Scans of Aadhaar cards
2. Scans of caste certificates
3. Photos of address proof
4. Professional Certificates, Degrees and Diplomas
5. Screenshots of banking apps for fund transfers etc.
6. Permanent Account Number (PAN) Card
Apart from all this, people's UPI VPA (Transaction ID) was also leaked.