The Indian government has finally fixed a cloud security issues that leaked personal data online for years – TechRadar

1 minute, 42 seconds Read

The Indian government has fixed a cloud security issue that leaked personal data online for years.

Back in 2022, security researcher Sourajeet Majumder discovered that the Indian government was spilling sensitive data on hundreds of individuals, including Covid-19 vaccination data, passport information, and Aadhaar numbers (government identification numbers). The leak was due to a misconfigured database provided by the Indian government’s cloud service, S3WaaS. 

As a result of this misconfiguration, the data was made public on the wide web, and search engines soon indexed the files. Therefore, whoever searched for the data, using any of today’s most popular search engines, would be able to easily find it.

Data for sale

While Majumder managed to get the search engines to pull down the links, with the help of digital rights organization the Internet Freedom Foundation, the government’s computer emergency response team (CERT-In), and the Indian government’s National Informatics Centre, the government kept leaking the data.

A report on TechCrunch claims the data was leaking as recently as last week but, with the help of the publication, was finally secured.

Majumder told the media that the true extent of the data leak is impossible to determine, but stated that threat actors were selling the data on known cybercrime forums. Hackers were using the information to mount identity theft scams and phishing attacks.

“More than that, when sensitive health information like COVID test results and vaccine records get out, it’s not just our medical privacy that’s compromised — it stirs fears of discrimination and social rejection,” he said.

Misconfigured databases continue to be one of the biggest causes of data spills, nowadays. Many organizations hold vast troves of employee, client, and customer data on publicly accessible locations, without even a password to protect them. Earlier this year, it was reported that the entire population of Brazil may have had its sensitive data exposed this way.

More from TechRadar Pro

This post was originally published on the 3rd party site mentioned in the title of this this site

Similar Posts