: EPFO pension scheme holders data exposed online, claims security researcher #IndiaNEWS #India New Delhi: A Ukraine-based cybersecurity researcher and journalist has claimed that about 288 million
EPFO pension scheme holders data exposed online, claims security researcher #IndiaNEWS #India
New Delhi: A Ukraine-based cybersecurity researcher and journalist has claimed that about 288 million personal records, containing the full name, bank account number and nominee information of the Employees Pension Scheme (EPS) holders in the Employees Provident Fund Organisation (EPFO), were exposed online before being taken off the Internet.
The security researchers claim about the data exposed online was yet to be verified by the EPFO, national cyber agency CERT-In or the IT Ministry.
Bob Diachenko, cyber threat intelligence director and journalist at SecurityDiscovery.com, claimed that their systems identified two separate IPs with Universal Account Number (UAN) data.
An IP address is a unique address that identifies a device on the internet or a local network. IP stands for Internet Protocol.
UAN stands for Universal Account Number and this is an important part of the Indian government registry. UAN is allotted by EPFO, he wrote in a blogpost.
Each record contained personal information, including marital status, gender and date of birth, UAN, bank account number and employment status, among others.
While 280 million records were available under one IP address, the other IP address had about 8.4 million data records publicly exposed, claimed the researcher.
Given the scale and obvious sensitivity of data, I decided to tweet about it, without giving any details as of source and associated info. Within 12 hours after my tweet both IPs were taken down and now unavailable, Diachenko claimed.
As of August 3rd, I did not hear back from any agency or company who would claim responsibility for the data found, he added.
According to the security researcher, both IPs were Azure-hosted and India-based.
No other information was obtained through reverse DNS analysis as well. Both Shodan and Censys search engines picked them up on August 1st, but it is unknown for how long this information was exposed before search engines indexed them, the security researcher said.
He also tweeted: [BREACH ALERT] 280M+ records in this Indian database, publicly exposed. Where to report? @IndianCERT ?
Both the IPs have now been taken down from public domain, he informed.
Stock Market NEWS Best intraday tips Intraday Stocks below 100
0 Reactions React
More posts by @IndiaNEWS
: Lashkar-e-Khalsa can carry out terror attacks in India, warns IB #IndiaNEWS #India New Delhi: Ahead of the Independence Day, the Intelligence Bureau (IB) has issued an alert of a possible terror
0 Reactions React
: Sarpanch commits suicide in Kothagudem #IndiaNEWS #Bhadradri Kothagudem Kothagudem: A sarpanch who attempted suicide in Sujatha Nagar mandal in the district on Tuesday has died undergoing treatment
0 Reactions React
0 Comments
Sorted by latest first Latest Oldest Best
Terms of Use Create Support ticket Your support tickets Powered by ePowerPress Stock Market News! Top Seo SMO © hashkaro.com2024 All Rights reserved.