Some 815 million residents of India, which is about 10 percent of the world's population, have had their personal information compromised by one hacker, reports say.
The data was hacked from the Indians' Aadhaar cards, which contain digital ID numbers as well as other sensitive personal data. More than 60% of India's 1.3 billion people are enrolled in the government’s Aadhaar biometric digital identity program.
In what was one of the largest data breaches in history according to the Hindustan Times, the personal data is now up for grabs on the dark web for as little as $80,000.
To register for an Aadhaar card, Indian residents have to provide basic demographic information, including name, date of birth, age, address and gender, as well as biometric information, including ten fingerprints, two eyeball scans, and a facial photograph.
Aadhaar (Hindi for “foundation”), is a 12-digit unique identity (UID) number issued by the government that was launched in 2012 as part of an initiative to give each Indian resident a unique identification number. It is the largest digital identity system on the planet.
A News 18 report noted that the leak was initially noticed by Resecurity, an American cyber security and intelligence agency. According to the cyber firm, a "threat actor" with the alias "pwn001" posted a thread on Breach Forums, which describes itself as a "premier Databreach discussion and leaks forum".
"pwn001," with a handle on X (formerly Twitter), advertised Aadhaar and passport information along with names, phone numbers, and addresses; these, the hacker claims, were extracted from the Covid-19 test details of citizens registered with the India Council of Medical Research (ICMR).
As a proof, "pwn001" posted spreadsheets with four large leak samples with fragments of Aadhaar data. Upon analysis, these were identified as valid Aadhaar card IDs.
Please Support Real Journalism
Free Press International
[Publish This Content]