Earlier this month, the Provident Fund (PF) data of about 28 crore Indians was leaked by hackers. On August 1, a Ukrainian cybersecurity researcher, Bob Diachenko, conducted a search and found that details such as Universal Account Number (UAN), name, marital status, Aadhaar details, gender and bank account details had surfaced online. According to Diachenko, he found two different Internet Protocol (IP) addresses, each belonging to a separate group of leaked data. Both of these IPs were hosted on Microsoft’s Azure cloud storage service.
Diachenko gave information about the leaked data in a post on LinkedIn. On August 2, he discovered two different IP clusters of data that contained an index called UAN. On reviewing the clusters, he found that the first cluster had 280,472,941 records, while the second IP had 8,390,524 records.
Diachenko said in his post that “after a quick review of the sample, I was sure I was seeing something bigger and more urgent.” However, he was not able to ascertain who owned the data. Both IP addresses were hosted on Microsoft’s Azure platform and were based in India. He was not able to obtain any other information through reverse DNS analysis.
These clusters were found by the Shodan and Censys search engines of Diachenko’s security discovery firm on August 1. However, it is not clear how long this information was available online. The data could have been misused by hackers to gain access to PF accounts. Data such as name, gender and Aadhaar details can also be used to create fake identities and documents.
The researcher tagged the Indian Computer Emergency Response Team (CERT-In) in a tweet and informed it about the leak. CERT-In responded to his tweet and asked him to report the hack by email. Within 12 hours of his tweet, both IP addresses were removed. Diachenko said that since August 3, no company or agency has come forward to claim responsibility for the hack.