Indian PII and Aadhaar IDs for sale on Darkweb


In a worrying development, it has emerged that millions of Personally Identifiable Information (PII) records, including sensitive Aadhaar cards, linked to Indian residents, are currently being offered for sale on the Dark Web.

The PII data breach

The investigation follows a recent report from credit rating giant Moody’s, which raised concerns about the effectiveness of the Aadhaar system’s biometric authentication guarantees. The report also warns of security and privacy vulnerabilities within Aadhaar’s centralized structure.

The Indian government, however, vehemently refuted the American Business and Financial Services Corporation’s claims, criticizing the organization for failing to provide substantiated data or research to support its claims.

Furthermore, the Press Information Bureau of India had also pointed out that no violations have been officially reported from the Aadhaar database.

However, a recent investigation into the incident by Resecurity’s HUNTER (HUMINT) unit detected the presence of a vast database containing millions of Personally Identifiable Information (PII) records, which notably also include Aadhaar cards belonging to Indian citizens.

Dark Web Revelations: PII Data Breaches and Stolen Identities

Security investigators have identified two threat actors operating on Breach Forums, providing illicit access to Indian PII and Aadhaar records.

One, operating under the pseudonym “pwn0001”, claimed to be in possession of a database containing 815 million Indian citizens’ Aadhaar and passport records, backing up his claims with spreadsheets as proof.

Meanwhile, another malicious actor, identified as “Lucius,” announced a 1.8-terabyte data leak associated with an undisclosed “internal law enforcement organization in India,” which encompassed an even wider range of PII data.

The main sources of this PII data breach appear to be third-party entities, with financial institutions, lending companies, and mobile carriers emerging as prime targets for cyberattacks.

Previous PII Data Breaches: A Troubling Pattern

This is not the first time a PII data breach has made headlines.

In September of this year, a user on the hacker forum known as “Hacking” made public data on Indian taxpayers, specifically from the TaxReturnWala site.

“Hacking” joined the dark web platform in June 2023, posted 428 times in five months, had a reputation score of 195 and held VIP status. Interestingly, “Hacking” identified himself as a security researcher in his profile.

Furthermore, in the same year, a significant data breach occurred in June involving the CoWIN portal, which serves as the primary platform for COVID-19 vaccination registration in India.

This breach put the personal information of Indian citizens at risk as data from the CoWIN portal became accessible on the messaging app Telegram. As a result of this data leak, the Aadhaar card, Voter ID and PAN card details of many Indian citizens were exposed, making them easily accessible to anyone on Telegram.

Additionally, the previous year, an enhanced edition of the Android banking Trojan known as “Drinik” was detected defrauding Indian taxpayers.

Reportedly, the ‘iAssist’ app was laced with the latest Drinik malware and impersonated the Indian Income Tax Department. This fraudulent activity specifically targeted 18 Indian banks, including the State Bank of India.

Growing threat: protecting Indian citizens

Cybercriminals exploit stolen identities to engage in online banking theft, tax refund fraud, and various other cyber financial crimes.

The country has seen a surge in incidents involving Aadhaar credentials on underground cybercriminal forums, indicating a growing threat to Indian nationals and residents.

Earlier in August, the government revealed that a total of 36 websites belonging to ministries and departments at the central and state government levels suffered hacking incidents during the first half of 2023.

Rajeev Chandrasekhar, Minister of State for Electronics and IT, presented data in the Lok Sabha, revealing that CERT-In had recorded a total of 1,12,474 cyber security incidents that occurred during this period. These numbers speak volumes about the need for robust cybersecurity measures.

Urgent call for enhanced security

These PII data breaches highlight the urgent need for enhanced security measures to protect India’s extensive biometric identification system and protect the personal information of its citizens from exploitation by cybercriminals.

“It is critical for all businesses to implement robust cybersecurity solutions that can detect and respond to threats in real time,” Sunil Sharma, vice president (sales), Sophos India & SAARC told The Cyber Express.

“It is also the responsibility of everyone, personally and professionally, to maintain constant vigilance and take precautionary measures to protect our collective digital sphere from malicious actors,” he added.

Government agencies, financial institutions and third-party entities must collaborate to implement robust security protocols to thwart potential threats and ensure the integrity of the country’s extensive biometric identification system.

A proactive approach is not only crucial to protecting individual privacy, but also to maintaining public trust in the digital age.
