The PF information was leaked at the beginning of this month. It includes UANs as well as names, Aadhaar, and bank account information.
Provident Fund (PF) data of around 28 crore Indians was discovered to have been accessed by hackers earlier in the month. A cyber-security researcher from Ukraine, Bob Diachenko, discovered the leak on August 1st and found that information such as Universal Account Numbers (UANs), names, marital status, Aadhaar information, gender, and bank account information had been made public online. According to Diachenko, he discovered two Internet Protocol (IP) addresses hosting two clusters of leaked information. Both IPs were hosted by Microsoft’s Azure cloud storage service.
Security researcher Bob Diachenko detailed the leak in a blog post on LinkedIn. In August, Diachenko found two distinct IP data clusters that contained indices dubbed UAN. After examining the clusters, Diachenko discovered that the first cluster had 280,472,941 records and the second IP had 8,390,524 entries.
“After an initial review of instances (using a browser that is simple) I was convinced that I was seeing something huge and significant,” Diachenko said in his blog post. But he wasn’t in a position to determine who owned the information. Both addresses were hosted on Microsoft’s Azure platform and were based in India. He was not able to get additional details through reverse DNS analysis.
The Shodan and Censys search engines operated by Diachenko’s SecurityDiscovery firm detected these clusters on the 1st of August. It isn’t certain how long the data was online. Hackers could have used the information to gain access to PF account information. Details such as gender, name, and Aadhaar information could also be used to create false identities and documents.
The researcher tweeted at the Indian Computer Emergency Response Team (CERT-In) to inform them of the breach. CERT-In responded to his tweet, asking him to send an account of the hack via email. Each IP address was shut down within 12 hours of the tweet. Diachenko states that as of August 3, no business or agency had claimed responsibility for the hack.