Aadhaar data breached, offered for sale on the dark web

Reports indicate that the Aadhaar data of millions of Indians has been breached and offered for sale on the dark web. An American cyber security and intelligence agency, Resecurity, has reported that a 'threat actor' with the alias 'pwn0001' posted a thread on Breach Forums, which describes itself as a 'premier Databreach discussion and leaks forum', enabling access to records of 815 million (81.5 crore) Indians. It has also been reported that the HUNTER investigators established contact with the threat actor and learned they were willing to sell the entire Aadhaar and Indian passport dataset for $80,000.

Pwn0001 declined to specify how they obtained the data. Without the threat actor disclosing the source of the data leak, any effort to diagnose the cause of the breach will be speculative.

Concurrently, pwn0001 shared spreadsheets containing four large leak samples with fragments of Aadhaar data as proof. One of the leaked samples contains 100,000 records of PII related to Indian residents. In this sample leak, HUNTER analysts identified valid Aadhaar Card IDs, which were corroborated via a government portal that provides a "Verify Aadhaar" feature. This feature allows people to validate the authenticity of Aadhaar credentials.

So far, there has been no official confirmation of the leak from the government.

The mass leakage of Indian PII data on the dark web poses a significant risk of digital identity theft. By misusing these stolen credentials, cybercriminals can perform a range of financially motivated scams, such as online-banking theft and tax refund fraud.

India is one of the fastest-growing economies in the world and has invested substantially in creating digital infrastructure. Aadhaar-enabled direct benefit transfer is at the core of most of the government subsidies on offer. The breach of Aadhaar data is a major concern, and it may lead to a spike in incidents involving Aadhaar IDs and their leakage on underground cybercriminal forums by threat actors looking to harm Indian nationals and residents.
