NB Explains | Aadhaar Data on sale via Dark Web? Know what we know far

The hacker was willing to sell the entire Aadhaar and Indian passport dataset for 80,000 US dollars when contacted by Resecurity

NewsBharati    31-Oct-2023 12:40:25 PM
Total Views |
In a serious data breach, personally identifiable information of 815 million Indians has been up on the dark web for sale, according to a report by US-based cybersecurity firm Resecurity. Details such as Aadhaar and passport information along with names, phone numbers and addresses are available for sale online, it has said.
 
Data Breach
 
“Securing assets is of importance for businesses in today’s world. The recent incident where the personal information of 815 million Indians was exposed in a data leak highlights the need for companies to take adequate measures,” said Sanjay Kaushik, managing director of Netrika Consulting.
According to the Resecurity website, on October 9 an individual using the alias “pwn0001” shared a post on BreachForums (a darknet crime forum) offering access to 815 million records containing information on “Indian Citizen Aadhaar and Passport”.
 
The hacker was willing to sell the entire Aadhaar and Indian passport dataset for $80,000 when contacted by Resecurity.
 
 
 
In August this year, another threat actor known as “Lucius” posted a thread on BreachForums offering to sell a 1.8 terabyte data leak related to an unnamed “Indian internal law enforcement organisation”.
 
In April 2022, the Comptroller and Auditor General conducted an investigation into the Unique Identification Authority of India (UIDAI) and discovered that the authority had not effectively regulated its client vendors and safeguarded the security of their data vaults, as stated in a Brookings report.
Since its inception in 2009, UIDAI has issued approximately 1.4 billion Aadhaar cards. A report from the Brookings Institution in 2022 highlighted that the ID system ranked among the world’s largest biometric identification initiatives.
 
“Adopting measures like encryption, multifactor authentication and access controls are vital to protect data. Regular security audits and updates are also components of a cybersecurity strategy that can adapt to emerging threats effectively,” said Kaushik.
 
The exposure of personally identifiable information on the dark web, which includes Aadhaar and other personal details of Indian citizens, poses a substantial threat of digital identity theft. Malicious actors use pilfered identity data to engage in activities such as online banking fraud, tax refund scams and various cyber financial crimes.