According to the Israeli cybersecurity agency VPN Mentor, 409 GB of data was leaked from Indian users. It contains fairly sensitive personally identifiable information. The company said the information from this leak could be hacked from the user’s bank account to the user’s account. This deficit was published on 23 April, and it was fixed on 22 May.
However, no evidence has yet been found as to whether the VHM app leaked the data itself, or whether there was something wrong with the UPI system.
How was the CSC BHIM data violated?
of vpnMentor Report It has been claimed that the data collected by VHIM was incorrectly stored in the Amazon Web Services S3 bucket and is universally accessible, meaning that anyone can easily access it. This is a common error that sets up many website cloud systems.
Millions of Indian sensitive information was stored in cloud storage without imposing any security protocol on their accounts.
Let me tell you, this information was stored in the unsecured Amazon Web Services (AWS) S3 bucket. The S3 bucket is a popular form of cloud collection worldwide, but these developers need to keep security protocols in their account.
How was all the data compromised in CSC BHM violation?
According to VPN, the following personal documents were leaked in the S3 bucket:
1. Scan the Aadhaar card
2. Scanned certificate
3. Picture of Address Prune
4. Professional certificates, degrees and diplomas
5. Screenshots of banking app for funds transfer etc.
P. Permanent Account Number (PAN) Card
Apart from these, people’s UPI VPA (Transaction ID) was also leaked.