Cyber security news for all

More

    India’s BHIM payments platform reportedly leaks 7million users’ data

    The rate at which users’ data are exposed is a cause for alarm. India’s BHIM has had a breach in their database where millions of transactions take place. BHIM is an app based on the Unified Payments Interface (UPI) platform by the National Payments Corporation of India. The UPI is also used by other services like Paytm, Google Pay, PhonePe, and WhatsApp payments, to expedite financial transactions. This breach exposed personal data of 7million Indians.

    According to the app’s official account, the divulged data poses a significant threat as an average of 1 billion transactions were made over the last three months.

    The personal data leaked could be used for extortion of money or private information from users. Given the delicate nature of the documents, the company has also expressed fears about hackers taking advantage of details; like UPU IDs to trace users’ financial records, some of which include minors.

    A research team from VPN Mentor, a cybersecurity company, released a report stating that the 409GB of data, which belongs to the BHIM’s website, was stored in a misconfigured AWS S3 bucket list thereby making it publicly accessible and vulnerable. This unsecured database was discovered by the VPN Mentor research team earlier on the 23rd of April; and they alerted India’s Computer Emergency Response Team (CERT-In) on the 28th of April. On the 22nd of May, after the second contact with CERT-In, the breach was closed.

    The database mostly contained onboarding documents for opening bank accounts such as; scans of Aadhar IDs, caste certificates, proof of residence, Permanent Account Number (PAN) cards, and screenshots of fund transfers for proof, dating back to February 2019. It also contained more than 1million UPI IDs, which are directly linked to users’ bank accounts.

     

     

    Recent Articles

    Personnel were asked to removed 89 apps which includes Instagram, Facebook, and others by the Indian Army

    Personnel are told by the Indian Army to delete 89 apps from their phones from July 15. This is in a bid to avoid...

    The warning sent to employees about Tiktok app was a mistake says Amazon

    On Friday morning, Amazon sent out a memo to its employees, asking them to uninstall the popular social media app TikTok off their phone....

    Other Android phones sold in the US contains pre-installed malware

    There’s a discovery of Pre-installed malware on another phone by researchers from Malwarebytes; through the lifeline Assistance program for sale in the United States....

    About 15 billion stolen passwords and usernames sold on the dark web.

    A recent finding has shown that about 15 billion passwords and usernames are distributed on the dark web. This compromise will bring about credential...

    Hundreds of multinational companies aimed by Russian BEC Gang

    According to the security firm Agari, there has been a discovery of a newly uncovered Russia-based business email compromise gang; BEC gang that scams...

    Related Stories

    Leave A Reply

    Please enter your comment!
    Please enter your name here

    Stay on op - Ge the daily news in your inbox