BHM app users warn, claiming that the personal information of 7 million Indians will be violated


The official website has leaked the personal information of more than 7 million Indians, including Aadhaar cards, caste certificates and other documents. The CSC BHM website was used to promote the UPI payment application VHM, but it was found that the website had committed massive data breaches. CSC e-Governance Service India is a program to provide digital access in rural areas and the CSC Bhim project was launched at the village level to fund UPIs through QR codes. However, now a huge number of information about Indian citizens has been leaked on this site.

According to the Israeli cybersecurity agency VPN Mentor, 409 GB of data was leaked from Indian users. It contains fairly sensitive personally identifiable information. The company said the information from this leak could be hacked from the user’s bank account to the user’s account. This deficit was published on 23 April, and it was fixed on 22 May.

However, no evidence has yet been found as to whether the VHM app leaked the data itself, or whether there was something wrong with the UPI system.

How was the CSC BHIM data violated?

of vpnMentor Report It has been claimed that the data collected by VHIM was incorrectly stored in the Amazon Web Services S3 bucket and is universally accessible, meaning that anyone can easily access it. This is a common error that sets up many website cloud systems.

Millions of Indian sensitive information was stored in cloud storage without imposing any security protocol on their accounts.

Let me tell you, this information was stored in the unsecured Amazon Web Services (AWS) S3 bucket. The S3 bucket is a popular form of cloud collection worldwide, but these developers need to keep security protocols in their account.

How was all the data compromised in CSC BHM violation?

According to VPN, the following personal documents were leaked in the S3 bucket:

1. Scan the Aadhaar card
2. Scanned certificate
3. Picture of Address Prune
4. Professional certificates, degrees and diplomas
5. Screenshots of banking app for funds transfer etc.
P. Permanent Account Number (PAN) Card

Apart from these, people’s UPI VPA (Transaction ID) was also leaked.

Leave a Reply

Your email address will not be published. Required fields are marked *