The personal data of more than 70 lakh Indians, including Aadhaar cards, caste certificates and other documents, has been leaked on a government website. The CSC BHIM website is used to promote the UPI payment app BHIM, and a massive data breach has been reported on it. CSC e-Governance Service India is a program to provide digital access to rural areas, and the CSC BHIM project was launched at the village level to accept UPI payments through QR codes. News has now emerged that the data of a large number of Indian citizens was leaked on this site.

According to Israeli cybersecurity company vpnMentor, 409 GB of Indian users' data was leaked, including highly sensitive personally identifiable information. The company says the leaked information could be used to hack everything from a user's bank account to their user account. The flaw was revealed on 23 April and fixed on 22 May.

So far, however, there is no evidence that the BHIM app itself leaked the data, or that there is anything wrong with the UPI system.

How was CSC BHIM data breached?

The vpnMentor report claims that the data collected by BHIM was improperly stored in an Amazon Web Services S3 bucket and was publicly accessible, i.e. anyone could easily access it. This is a common error that occurs when websites set up cloud systems.

Sensitive data of millions of Indians was stored in cloud storage without any security protocols on their accounts.

The data was stored in an unsecured Amazon Web Services (AWS) S3 bucket. S3 buckets are a popular form of cloud storage around the world, but they require developers to set up security protocols on their accounts.
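As an added example (not from vpnMentor's report or the CSC BHIM project), the Python function below checks the two settings that make an S3 bucket publicly readable, a public ACL grant and a wildcard bucket policy, against the bucket's Block Public Access flags. The article does not say which setting was involved; the bucket name and sample inputs are constructed, and treating every unconditioned wildcard Allow as public is a simplifying assumption.

```python
import json

# ACL grantee groups meaning "anyone" and "any AWS account holder".
_GROUP = "http://acs.amazonaws.com/groups/global/"
PUBLIC_GROUPS = {_GROUP + "AllUsers", _GROUP + "AuthenticatedUsers"}

def _as_list(value):
    return value if isinstance(value, list) else [value]

def _wildcard_principal(principal):
    if isinstance(principal, dict):
        principal = principal.get("AWS", [])
    return "*" in _as_list(principal)

def audit_bucket(acl, policy_json, public_access_block):
    """List the reasons a bucket is publicly readable (empty list = none found).
    acl: GetBucketAcl response; policy_json: the Policy string from
    GetBucketPolicy (or None); public_access_block: the
    PublicAccessBlockConfiguration dict (or None if never configured).
    """
    pab = public_access_block or {}
    findings = []
    # Existing public ACL grants stay effective unless IgnorePublicAcls is on.
    if not pab.get("IgnorePublicAcls", False):
        for grant in acl.get("Grants", []):
            uri = grant.get("Grantee", {}).get("URI", "")
            if uri in PUBLIC_GROUPS:
                findings.append("ACL grants %s to %s"
                                % (grant["Permission"], uri.rsplit("/", 1)[-1]))
    # Assumption: an unconditioned wildcard Allow is public unless RestrictPublicBuckets is on.
    if policy_json and not pab.get("RestrictPublicBuckets", False):
        for stmt in _as_list(json.loads(policy_json).get("Statement", [])):
            if (stmt.get("Effect") == "Allow" and "Condition" not in stmt
                    and _wildcard_principal(stmt.get("Principal"))):
                findings.append("policy allows %s to everyone"
                                % ",".join(_as_list(stmt.get("Action", []))))
    return findings

# Constructed sample inputs (not data from the incident).
OPEN_ACL = {"Grants": [{"Permission": "READ", "Grantee": {
    "Type": "Group", "URI": _GROUP + "AllUsers"}}]}
OPEN_POLICY = json.dumps({"Version": "2012-10-17", "Statement": [{
    "Effect": "Allow", "Principal": "*", "Action": "s3:GetObject",
    "Resource": "arn:aws:s3:::example-bucket/*"}]})
LOCKED = {"BlockPublicAcls": True, "IgnorePublicAcls": True,
          "BlockPublicPolicy": True, "RestrictPublicBuckets": True}

if __name__ == "__main__":
    print(audit_bucket(OPEN_ACL, OPEN_POLICY, None))    # both exposures reported
    print(audit_bucket(OPEN_ACL, OPEN_POLICY, LOCKED))  # nothing reported
```

With all four Block Public Access flags enabled, the same ACL and policy no longer expose the bucket, which is why enabling them at the account level is the usual guard against this class of error.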

What all data was compromised in the CSC BHIM breach?

According to vpnMentor, the following private documents were leaked from the S3 bucket:

1. Scans of Aadhaar cards
2. Scans of caste certificates
3. Photos of address proof
4. Professional certificates, degrees and diplomas
5. Screenshots of banking apps for fund transfers, etc.
6. Permanent Account Number (PAN) cards

Apart from all this, people's UPI VPA (Transaction ID) was also leaked.
