Highlights
- Resecurity exposes data breach impacting over 81.5 crore Indian citizens.
- Data sold by pwn0001 mainly includes names, phone numbers, and addresses.
- Only 10 percent of the data set contains Aadhaar information.
- Breach occurs as India passes Digital Personal Data Protection Act, yet to be implemented.
In a significant development, the American cybersecurity agency Resecurity recently exposed a massive data breach affecting over 81.5 crore Indian citizens.
The data, being sold on the dark web by an individual using the alias ‘pwn0001,’ reportedly contains Aadhaar and Passport details.
However, the narrative takes a twist as pwn0001 reveals that only 10% of the data set has Aadhaar details, with only a few thousand records including passport information.
The Scale of the Breach
The data set in question was purchased from a now-defunct dark web forum last year for a sum of $50,000 (Rs 41.64 lakh), according to a report by MoneyControl.
The data set includes names, phone numbers, passport numbers, Aadhar numbers, and several other personal details.
While the database was advertised to contain Aadhaar and Passport details primarily, the actual composition tells a different story.
Limited Aadhaar Exposure
pwn0001, the individual selling this data, has stated that the database isn’t as lucrative as it was originally marketed.
Only a fraction—10%—contains Aadhaar details. Even within that, only a few thousand records boast of having passport details.
Resecurity’s HUNTER team has corroborated this, claiming to have verified some Aadhaar Card IDs from the sample data provided.
The data breach comes at a time when India has passed the Digital Personal Data Protection Act.
This law posits that platforms leaking personal data can face fines up to Rs 250 crore.
However, the law hasn’t been implemented yet, creating a window of vulnerability.
Another breach reported by Resecurity in August further indicates that data security remains a concern, notwithstanding the yet-to-be-enforced laws.
FAQs
Who exposed the data breach?
Resecurity, an American cybersecurity agency, was the first to report the massive data breach involving Indian citizens.
What types of data are included in the breach?
The data includes names, phone numbers, addresses, and in a limited number of cases, Aadhaar and Passport details.
How much of the breached data contains Aadhaar details?
Only 10% of the entire data set includes Aadhaar details, according to the individual selling the data under the alias pwn0001.
Is India’s Digital Personal Data Protection Act in force?
Though India has passed the Digital Personal Data Protection Act, it has not yet been implemented, leaving a gap in data protection measures.
Also Read: How to Download Aadhaar, PAN card on Your WhatsApp
Also Read: PAN Card Online Apply: How to Apply for PAN Card Online, Check Status, and Download e-PAN?