Newsbytes
  • India
  • Business
  • World
  • Politics
  • Sports
  • Science
  • Entertainment
  • Auto
  • Lifestyle
  • Inspirational
  • Career
  • Bengaluru
  • Delhi
  • Mumbai
  • Videos
  • Find Cricket Statistics
Hindi
More
Newsbytes
Hindi
Newsbytes
User Placeholder

Hi,

Logout


India
Business
World
Politics
Sports
Science
Entertainment
Auto
Lifestyle
Inspirational
Career
Bengaluru
Delhi
Mumbai
Videos
Find Cricket Statistics

More Links
  • Elections 2019
  • Videos

Download Android App

Follow us on
  • Facebook
  • Twitter
  • Linkedin
  • Youtube
 
Home / News / Science News / #LeakAlert: Data of 7 million+ BHIM users exposed
  • Science

    #LeakAlert: Data of 7 million+ BHIM users exposed

    Shubham Sharma
    Written by
    Shubham Sharma
    Twitter
    Last updated on Jun 01, 2020, 11:33 pm
    #LeakAlert: Data of 7 million+ BHIM users exposed
  • Personal and financial data of more than 7 million users of BHIM, a government-backed peer-to-peer UPI payments app, has been leaked publicly.

    The data was exposed through an unprotected server, which was discovered and reported by researchers at vpnMentor to the Indian authorities.

    Now, it has been secured, the company said in a blog post.

    Here are all the details.

  • In this article
    Leak through CSC BHIM website What kind of data it included? Action taken after multiple warnings What NPCI, BHIM's developer, says on the matter No clarity over who accessed the bucket
  • Leak

    Leak through CSC BHIM website

    Leak through CSC BHIM website
  • When BHIM was launched in 2016, a CSC website (http://cscbhim.in/) was created as part of a campaign to bring as many users and merchants as possible to the app.

    All the data collected through this campaign, estimated to be 409GB in size, was stored on an Amazon Web Services S3 bucket and left unprotected, open to be accessed/downloaded by anyone knowing where to look.

  • Details

    What kind of data it included?

  • As spotted by vpnMentor in April, the unprotected bucket had 7.26 million user records, which included Aadhaar cards, caste certificates, address proofs, professional certificates, college degrees, and Permanent account numbers (PANs), and screenshots taken to show successful fund transfers.

    The information included in these documents could have easily been used by attackers to create a whole profile of individuals and target them with scams.

  • Action

    Action taken after multiple warnings

  • Initially, the vpnMentor team tried contacting CSC e-Governance Services, the developer of the CSC BHIM website and the owner of the S3 bucket, but did not receive a response.

    Then, multiple reports were sent to India's Computer Emergency Response Team (CERT-In), following which the unprotected AWS bucket was secured, and the data was no longer being exposed.

  • Response

    What NPCI, BHIM's developer, says on the matter

    What NPCI, BHIM's developer, says on the matter
  • The National Payments Corporation of India (NCPI), which developed the BHIM app, says that the exposure does not relate to the app data.

    "There has been no data compromise at BHIM App. NPCI follows a high level of security and an integrated approach to protect its infrastructure and continue to provide a robust payments ecosystem," it said in a statement quoted by Economic Times.

  • Information

    No clarity over who accessed the bucket

  • That being said, it must also be noted that as of now, it is not clear if anyone had accessed the unprotected Amazon bucket before it was plugged or not.

  • Amazon
  •  
Latest News
  • All about Lagom: The Swedish way to a happy life
    All about Lagom: The Swedish way to a happy life
    Lifestyle
  • SL vs ENG: Moeen Ali cleared to join England's bubble
    SL vs ENG: Moeen Ali cleared to join England's bubble
    Sports
  • Manchester United's Premier League performance at Anfield since Ferguson's retirement
    Manchester United's Premier League performance at Anfield since Ferguson's retirement
    Sports
  • Want to get an even skin tone? Follow these tips
    Want to get an even skin tone? Follow these tips
    Lifestyle
Related Timelines
  • Edureka e-learning platform caught exposing data of 20 lakh students
    Edureka e-learning platform caught exposing data of 20 lakh students
    Science
  • #LeakAlert: Data of 235 million TikTok, Instagram, YouTube users exposed
    #LeakAlert: Data of 235 million TikTok, Instagram, YouTube users exposed
    Science
  • #LeakAlert: 7 VPN services leaked 1.2TB private user data
    #LeakAlert: 7 VPN services leaked 1.2TB private user data
    Science
Next News Article
Share
Cancel

Want to share it with your friends too?

Facebook Whatsapp Twitter Linkedin
Copied

Love Science news?

Subscribe to stay updated.

Science Thumbnail
India News Business News World News Politics News Sports News Science News Entertainment News Auto News Lifestyle News Inspirational News
Career News Bengaluru News Delhi News Mumbai News Cricket News Donald Trump Arnab Goswami Hollywood News WhatsApp Bollywood News
Vaccine Congress Tesla Manchester United Farmers Protest International Monetary Fund SCG Test Bajaj Dominar 400 Latest Gadget Launch Latest Automobile News
Coronavirus Brisbane Test MediaTek Dimensity 1000+ COVAXIN Latest Tech News
About Us Privacy Policy Terms & Conditions Contact Us News News Archive Topics Archive Find Cricket Statistics
Follow us on
Facebook Twitter Linkedin Youtube
All rights reserved © NewsBytes 2021