Authenticity of Indian COVID data leak questioned


Cybersecurity professionals are debating the authenticity of what is being called India’s largest data breach. India’s alleged COVID data leak includes personal information of nearly 815 million people from the Indian Council of Medical Research (ICMR).

Expressing doubts over the source of the Indian COVID data leak, researchers from Cyble Research and Intelligence Laboratories said that they strongly believed that the information did not come from ICMR.

ICMR is a government organization that conducts biomedical research among other things and is known as one of the oldest medical research centers in the world.

Speculation on Indian COVID data leak

According to initial reports, the leak of Indian COVID data was noticed by American cybersecurity company Resecurity. They discovered that a breach forum user with the pseudonym pwn0001 had posted about selling information about 815 million Indians. This included passports, details from their government-issued Aadhaar cards and much more.

This claim was also quickly rejected by threat intelligence platform Falcon Feeds. It said, “We strongly believe that the speculation labeling this data as India’s COVID data or ICMR data is incorrect.”

Questioning the type of data, they added: “The seller did not identify this as medical data, and initial reports suggesting this were based on speculation.”

Initial reports from another media outlet confirmed that the Computer Emergency Response Team of India (CERT-In) had informed ICMR about the ICMR data leak. They said that apart from alerting the ICMR, CERT-In also informed it about the verification of data samples found on the dark web.

The details matched the actual data stored at ICMR, following which all major agencies were called in to investigate what became known as India’s biggest data breach.

Concluding speculation about the source of the data, Cyble researchers said there was a high probability that the data came from another source.

Although security researchers question the source of the data, it can be confirmed that the hacker forum user did indeed post data samples with Aadhaar details as proof. It is essential that the massive data leak of Indian citizens is thoroughly investigated and that the exposed data is removed to prevent further abuse.

The hacker forum user posted about the Indian COVID data leak on October 9, claiming that the data amounts to 90 GB. “I have never sold this data anywhere or to anyone before. This is the latest private data,” they wrote in the message.

The hacker forum user noted that among the 815 million people, the data included names, phone numbers, Aadhaar numbers, gender and addresses. Noting the source of the data, the initial news report said: “The threat actor claimed that the data – extracted from Covid-19 test details of citizens – came from ICMR.”

Media Disclaimer: This report is based on internal and external research obtained through various means. The information provided is for reference purposes only and users take full responsibility for their reliance on it. The Cyber Express assumes no responsibility for the accuracy or consequences of the use of this information.
