Cyber security news for all

More

    India’s BHIM payments platform reportedly leaks 7million users’ data

    The rate at which users’ data are exposed is a cause for alarm. India’s BHIM has had a breach in their database where millions of transactions take place. BHIM is an app based on the Unified Payments Interface (UPI) platform by the National Payments Corporation of India. The UPI is also used by other services like Paytm, Google Pay, PhonePe, and WhatsApp payments, to expedite financial transactions. This breach exposed personal data of 7million Indians.

    According to the app’s official account, the divulged data poses a significant threat as an average of 1 billion transactions were made over the last three months.

    The personal data leaked could be used for extortion of money or private information from users. Given the delicate nature of the documents, the company has also expressed fears about hackers taking advantage of details; like UPU IDs to trace users’ financial records, some of which include minors.

    A research team from VPN Mentor, a cybersecurity company, released a report stating that the 409GB of data, which belongs to the BHIM’s website, was stored in a misconfigured AWS S3 bucket list thereby making it publicly accessible and vulnerable. This unsecured database was discovered by the VPN Mentor research team earlier on the 23rd of April; and they alerted India’s Computer Emergency Response Team (CERT-In) on the 28th of April. On the 22nd of May, after the second contact with CERT-In, the breach was closed.

    The database mostly contained onboarding documents for opening bank accounts such as; scans of Aadhar IDs, caste certificates, proof of residence, Permanent Account Number (PAN) cards, and screenshots of fund transfers for proof, dating back to February 2019. It also contained more than 1million UPI IDs, which are directly linked to users’ bank accounts.

     

     

    Recent Articles

    Millions of RDP attacks on home offices

    Since the corona related move to the home office, the number of daily hacker attacks on remote desktop connections has increased more than tenfold....

    KuCion crypto confirms 150 million dollar security breach

    Cyber criminals were able to steal from the KuCion crypto and stole coins worth millions. On the evening of last Friday, KuCion crypto noticed...

    Hungarian banks were the target of a massive DDoS attack

    Several banks and the Hungarian Telekom have been the target of a cyber attack. The attacks are said to have come in several waves...

    The source code of Windows XP is leaked

    The source code of Windows XP is currently freely accessible. The media says that data first appeared on 4chan and is currently being exchanged...

    Hackers send malicious Azure Cloud apps to Microsoft

    Microsoft has banned some Azure Cloud applications from its cloud that the company identified as part of an attack infrastructure. Microsoft describes the approach...

    Related Stories

    Leave A Reply

    Please enter your comment!
    Please enter your name here

    Stay on op - Ge the daily news in your inbox