Mobile payment app BHIM leaked financial data of 7 million Indians

According to researchers, 409 GB of BHIM’s customer data was publicly accessible.


A week ago Hackread.com reported how personal and sensitive data of 29 million Indian job seekers was leaked on the dark web. Now, Bharat Interface for Money (BHIM), India’s emerging new e-payments platform, has suffered a massive data breach and sensitive financial data of around 7 million Indians is possibly at risk.


The breach was discovered on April 23, 2020, but only announced recently.


BHIM is a mobile payment application that was launched in 2016 by the National Payments Corporation of India. The breach was reported by Israel-based cybersecurity firm vpnMentor’s Noam Rotem and Ran Locar. 

The duo revealed that 409 GB of data was publicly available after the exposure. The leaked data may include personally identifiable information such as bank records, Aadhaar card images, residential status and proof, caste certificates, and full profiles of BHIM customers.




Researchers claim that a campaign inviting users and business merchants to sign up for the app was being run via the BHIM website. A portion of the collected data was stored in a misconfigured Amazon Web Services (AWS) S3 bucket and was therefore publicly accessible.


Reportedly, records submitted from February 2019 onwards were stored in the S3 bucket.


BHIM app was primarily developed to encourage cashless transacti ..
