BHIM Data Leak Exposes 7.26 Million Users’ Information: Report

News of data hacks and leaks keep hitting the headlines frequently. Now here's a data leak right inside our country, affecting as many as 7.26 million users. Security researchers have found that 7.26 million records linked to users of mobile payments app BHIM were left exposed to the public by a website.

Advertisement

BHIM Data Leak

BHIM is an Indian mobile payment app developed by the National Payments Corporation of India, based on the unified payments interface or UPI. The BHIM website that was hacked was developed by a company called CSC e-Governance Services LTD. in partnership with the Indian government. The data leak has left sensitive information like names, date of births, age, address, Aadhar card details, and more.

Advertisement

"The scale of the exposed data is extraordinary, affecting millions of people all over India and exposing them to potentially devastating fraud, theft, and attack from hackers and cybercriminals," said the report from vpnMentor.

The data in question here was stored on an unsecured Amazon Web Services S3 bucket, security researchers noted. An S3 bucket is a popular form of cloud storage, which also requires developers to up the security protocols on their accounts. When the researchers reached out to the website developers, they didn't receive any reply.

Advertisement

Next, the contacted India's Computer Emergency Response Team (CERT-In), which deals with cybersecurity in the country. It appears CSC had established the website connected to the misconfigured S3 bucket to promote BHIM usage across India to promote the signing up of new merchant businesses.

BHIM Data Exposed: How Series Is It?

Researchers note that it's hard to precisely point out the number of users affected. "It's difficult to say precisely, but the S3 bucket seemed to contain records from a short period: February 2019. However, even within such a short timeframe, "over 7 million records had been uploaded and exposed," the report says.

Advertisement

It should be noted that the BHIM data leak is equivalent to a hacker getting access to the entire data setup of a bank, along with millions of its user information. In an economy that's already going through a slowdown and recession, data hacks can easily lead to money loss as well. Presently, no action has been taken yet and we await further information.

Best Mobiles in India