In a startling revelation on October 9, 2023, an anonymous user under the alias ‘pwn0001’ on BreachForums disclosed access to an enormous data trove comprising 815 million records of Indian citizens, including sensitive Aadhaar and passport details. This leak is being touted as potentially the largest data breach in India’s history.
The Leak: An Unprecedented Scale
The exposed data encompasses a wide range of personal information, such as names, addresses, phone numbers, Aadhaar numbers, and passport details. The breach was first reported by the U.S.-based cybersecurity firm Resecurity, which highlighted the magnitude of the compromised data on the dark web.
A sample dataset of 1 lakh (100,000) entries was shared online to substantiate the authenticity of the data. Resecurity’s analysis confirmed the presence of valid Aadhaar Card IDs, which raised alarms about the severity of the breach.
Investigation and Skepticism
The Central Bureau of Investigation (CBI) has initiated a probe into this massive data breach. This investigation comes at a critical time, following the recent introduction of India’s Data Protection Law, the Digital Personal Data Protection Act 2023, in August.
However, the legitimacy of the data leak has been questioned by some experts. Security researcher Rajshekhar Rajaharia suggested that the leaked data might not be directly from the Aadhaar database but could be linked to mobile operators, sourced from third parties. He posited that the actual number of affected individuals might be significantly lower than reported.
Seller’s Claims and Motives
The dark web seller, ‘pwn0001’, attempted to sell the database for $80,000 or approximately Rs 66.6 Lakhs. This price was claimed to cover the expenses incurred in acquiring the data. To validate the data’s authenticity, the seller provided potential buyers with spreadsheets containing vital information.
Implications and Concerns
This breach has reignited concerns about data safety and privacy in India. It underscores the vulnerabilities in the security systems protecting critical personal data. The incident has brought to the forefront the need for stringent data protection measures and robust cybersecurity infrastructure.
The Indian government and cybersecurity agencies are working tirelessly to assess the full impact of this breach. The outcomes of the CBI investigation are eagerly awaited, as they will shed light on the veracity of the data and the source of the leak.
Conclusion
The Aadhaar data leak of 2023 serves as a stark reminder of the threats posed by cyberattacks in the digital age. It underscores the importance of enhanced data protection policies and the need for constant vigilance in safeguarding personal information in the era of digital identities.