
Aadhaar Data on Sale via Dark Web?


In what could prove to be either a serious security breach or a crude hoax, an anonymous user on the dark web has claimed to possess the personal information of 815 million Indians, drawn from their Aadhaar cards or passports. Data breaches have been reported in India before, but this one looks dubious because the seller is offering the entire set for just $80,000.

Cybersecurity company Resecurity said its investigation found that names, phone numbers and addresses were among the fields put up for sale on October 9. The offer was posted as a thread on Breach Forums and claimed that 815 million “Indian Citizen Aadhar and Passport” records were available.

A big threat or a bigger joke?

The threat actor used the alias ‘pwn0001’ on the forum, and investigators at Resecurity’s HUNTER unit made contact with them. They learned that the actor was willing to sell the entire dataset, which would cover close to 60% of India’s population, for a paltry $80,000. Cybersecurity experts we spoke to said the threat level still needs to be ascertained more concretely.

There have been similar incidents recently, including one in which data from the Indian Council of Medical Research (ICMR) was reportedly compromised. Some experts warned that even if the latest claim turns out to be overstated, the fact remains that Indian enterprises and government (both state and central) need to tighten their cybersecurity defences.

The Resecurity report said the threat actor offered fields including, but not limited to, name, father’s name, phone number, passport number, Aadhaar number, age and gender, as well as address details such as location, district, PIN code and state. The actor did not say how the data was obtained.

The threat actor has offered some proof

This is where cybersecurity experts are divided. Without details of where the data came from, it is hard to diagnose what caused the breach or how to fix it. The investigators said the threat actor had shared spreadsheets containing four large leak samples with fragments of Aadhaar data as proof.

“One of the leaked samples contains 100,000 records of PII related to Indian residents. In this sample leak, HUNTER analysts identified valid Aadhaar Card IDs, which were corroborated via a government portal that provides a ‘Verify Aadhaar’ feature. This feature allows people to validate the authenticity of Aadhaar credentials,” the report noted.

Data leak challenges or just hype?

Barely a couple of months earlier, another threat actor using the alias ‘Lucius’ had posted a thread on Breach Forums claiming access to a 1.8 TB leak from an unnamed Indian law enforcement agency. That dataset reportedly contained Aadhaar, Voter ID and driving licence records.

At the time, HUNTER analysts noticed the word “prepaid” recurring across many of those records, which led them to believe the data may have come from a telecom carrier that sells prepaid SIM cards or similar services under KYC (know-your-customer) rules. The same threat actor later posted 70 GB of data reportedly stolen from the Pakistan army.

Whatever the truth of this particular claim, the fact remains that the Comptroller and Auditor General (CAG) had audited the Aadhaar database and reported that the UIDAI had not effectively regulated its client vendors or safeguarded the security of their data vaults. That red flag was raised in April 2022, and we are not aware of any action taken since.

According to Resecurity, these findings fit a global threat landscape in which India is among the top five countries most exposed to cyberattacks, ranking fourth for banking malware detections. A separate survey of 200 Indian IT decision makers found that 45% of businesses saw a rise of more than 50% in disruptive cyberattacks in 2022.
