A cybersecurity expert said that the recent data leak involving 815 million Indian citizens, which included important information like Aadhaar cards and passport details, as well as names, phone numbers, and addresses, appears to be fake.
Independent cybersecurity researcher Rajshekhar Rajaharia posted on a platform called “X,” stating, “Aadhaar data is secure. The data leak of 815 million Indian Aadhaar cards seems suspicious. It seems that the leaked data belongs to mobile operators, and the source may be a third party.”
According to him, there might be data from a few hundred thousand people that got compromised, but there’s no evidence to suggest that the data of 815 million people was leaked.
Rajaharia also mentioned that the reputation of the hacker known as ‘pwn0001’ on the dark web is not good. This hacker claimed responsibility for the data leak. Another hacker group called ‘Lucius’ posted similar data a few days earlier and has also faced negative reputation on the dark web.
The data breach was initially reported by the US-based cybersecurity and intelligence firm Resecurity. They revealed that a threat actor named ‘pwn0001’ posted a message on Breach Forums on October 9, offering access to 815 million records of ‘Indian Citizen Aadhaar and Passport’ data.
Resecurity analysts managed to communicate with the threat actor and discovered that they were willing to sell the entire dataset for $80,000. However, the threat actor didn’t disclose how they obtained the data.
In a related incident, last month, cybersecurity researchers found that the official website of the Ministry of AYUSH in Jharkhand had been hacked, resulting in over 320,000 patient records being exposed on the dark web.
According to the cybersecurity company CloudSEK, the compromised database, totaling 7.3 MB, contained patient records, including personally identifiable information (PII) and medical diagnoses. The breached data also included sensitive information about doctors, such as their PII, login credentials, usernames, passwords, and phone numbers. This data breach was attributed to a threat actor named “Tanaka.”
In conclusion, the data leak of 815 million Indian citizens’ information appears to be questionable, with experts suggesting it might not be as extensive as initially reported. The credibility of the hackers behind it is in doubt, as well as the source of the data. Additionally, a recent breach of patient and doctor records from the Ministry of AYUSH website highlights ongoing cybersecurity concerns. While these incidents raise alarm, it’s essential to stay cautious and verify the authenticity of such data breaches, especially when they involve sensitive personal information.