Explorer

7.26 Million Data Records Of BHIM App Users Reported To Be Leaked Online, NPCI Denies Claim

A massive security breach has been reported by a VPN review website which states that over 7 million records of BHIM app users' data have been leaked through a website. National Payments Corporation of India (NPCI) has denied the claims.

New Delhi: Security researchers have found out that 7.26 million records of digital transaction app BHIM, have been exposed publically on a website. Report from VPN review website vpnMentor reveals that the leaked data includes sensitive information like Aadhar card details of account holders, besides names, gender, age, home address, caste status, etc. "The scale of the exposed data is extraordinary, affecting millions of people all over India and exposing them to potentially devastating fraud, theft, and attack from hackers and cybercriminals," the security researchers from vpnMentor wrote in a blog post. The people who found about the leak contacted India's Computer Emergency Response Team (CERT-In) twice and the breach was dealt with and closed late last month. The BHIM website has been developed by CSC e-Governance Services LTD. in partnership with the Indian government. "In this case, the data was stored on an unsecured Amazon Web Services (AWS) S3 bucket. We reached out to the website's developers to notify them of the misconfiguration in their S3 bucket and to offer our assistance. After not receiving a reply, we contacted India's Computer Emergency Response Team (CERT-In), which deals with cybersecurity in the country," they added. The leak was discovered in April and the data that has been exposed to is close to 409GB. "It's difficult to say precisely, but the S3 bucket seemed to contain records from a short period: February 2019. However, even within such a short timeframe, over 7 million records had been uploaded and exposed." The report has stated that the exposure of BHIM user data is like a hacker gaining access to the entire data infrastructure of a bank, along with millions of its users' account information. Now the National Payments Corporation of India (NPCI) has denied the security breach. The organisation took to Twitter and wrote, "NPCI follows high levels of security to protect its data infrastructure. We would like to clarify that there has been no compromise in data and request all to not fall prey to misinformation. Click to read the official press statement from NPCI." Bharat Interface for Money, popularly known as the BHIM app, was launched in 2016. (With Agency Inputs) WATCH: What is Dark Web And Why You Should Stay Away From It
View More
Advertisement
Advertisement
25°C
New Delhi
Rain: 100mm
Humidity: 97%
Wind: WNW 47km/h
See Today's Weather
powered by
Accu Weather
Advertisement

Top Headlines

Ajit Pawar Slams Yogi's 'Batenge To Katenge' Call, Says 'This Is Not UP'
'This Is Not UP': Maharashtra Deputy CM & BJP Ally Ajit Pawar Slams Yogi's 'Batenge To Katenge' Call
Devendra Fadnavis Replies To Kanhaiya Kumar's 'Reels' Jibe At Amruta, Says 'I Have Sympathy Of...'
Devendra Fadnavis Replies To Kanhaiya Kumar's 'Reels' Jibe At Amruta, Says 'I Have Sympathy Of...'
Congress Promises LPG Dole To 'Infiltrators' In Jharkhand, JMM Clarifies After BJP Lashes Out
Congress Promises LPG Dole To 'Infiltrators' In Jharkhand, JMM Clarifies After BJP Lashes Out
Maharashtra Election: Parties Tread The Maratha & OBC Reservation Factor Cautiously
Maharashtra Polls: Parties Tread The Maratha & OBC Quota Factor Cautiously
Advertisement
ABP Premium

Videos

Rajasthan Administrative Officers' Union Meets CM Bhajanlal Sharma Ahead Of Tonk By-Election ClashUPPSC Protest Sparks Student Uprising in Prayagraj as RSS-BJP Hold Crucial Meeting Ahead of UP By-ElectionsUPPSC Protest Escalates in Prayagraj, Students Demand Single-Shift Exam Schedule | ABP NewsBJPs Furious Over Ghulam Ahmad Mir's Remarks Says, 'Congress Wants to Create a Separate Nation'

Photo Gallery

Embed widget