Provident Fund (PF) data of about 28 crore Indians was found to have been leaked by hackers earlier this month. A cybersecurity researcher from Ukraine, Bob Diachenko, made the discovery on August 1, finding that details such as Universal Account Numbers (UANs), names, marital status, Aadhaar details, gender and bank account details were revealed online. According to Diachenko, he found two different Internet Protocol (IP) addresses that hosted two clusters of leaked data. Both IPs were hosted on Microsoft’s Azure cloud storage service.
Cybersecurity researcher Bob Diachenko detailed the leak in a post on LinkedIn. On August 2, Diachenko discovered two separate IP clusters with data containing indices called UAN. Looking at the clusters, he found that the first cluster contained 280,472,941 records, while the second contained 8,390,524 records.
“After a quick review of the samples (using a simple browser), I was sure I was looking at something big and important,” Diachenko said in his post. However, he could not find out who the data belonged to. Both IPs were hosted on Microsoft’s Azure platform and based in India. He was unable to obtain any other information through a reverse DNS analysis.
The search engines Shodan and Censys, used by Diachenko’s SecurityDiscovery firm, found these clusters on August 1. However, it is not clear how long the information was available online. The data may have been misused by hackers to gain access to PF accounts. Information such as name, gender and Aadhaar details can also be used to create false identities and documents.
The researcher tagged the Indian Computer Emergency Response Team (CERT-In) in a tweet to inform it about the leak. CERT-In responded to his tweet, asking him to provide a report of the hack in an email. Both IP addresses were removed within 12 hours of his tweet. Diachenko says that since August 3, no company or agency has come forward to take responsibility for the hack.