The Patronage Foundation (PF) data of about 28 Indians was revealed by hackers earlier this month. A cybersecurity researcher from Ukraine, Bob Diachenko, discovered on August 1st and found that details like Joint Account Number (UAN), name, marital status, Aadhaar details, gender Computers and bank account details were exposed online. According to Diachenko, he found two different internet protocol (IP) addresses hosting two leaked data clusters. Both of these IPs are hosted on Microsoft’s Azure cloud storage service.
Cybersecurity researcher Bob Diachenko detailed the leak in a parcel On LinkedIn. On August 2, Diachenko discovered two separate IP data clusters containing metrics known as UANs. When looking at the clusters, he found that the first cluster contains 280,472,941 records, while the second IP contains 8,390,524 records.
“After a quick review of the samples (using a simple browser), I’m sure I’m looking at something big and important,” Diachenko said in his post. However, he could not find out who owned the data. Both IP addresses are hosted on Microsoft’s Azure platform and are based in India. He cannot get other information through reverse DNS analysis.
Search engines Shodan and Censys from Diachenko’s SecurityDiscovery company found these clusters on August 1. However, it is unclear how long this information has been available online. The data may have been misused by hackers to gain access to PF accounts. Data such as name, gender, Aadhaar details, can also be used to create fake identities and documents.
The researcher tagged India Computer Emergency Response Team (CERT-In) in tweet Notify them of the leak. CERT-In responded to his tweet asking him to provide a report on the hack in an email. Both IP addresses were taken down within 12 hours of his tweet. Diachenko said that as of August 3, no company or agency has come forward to claim responsibility for the hack