Fresh personal details leaks detected on dark web
Even as cybercrime agencies and experts are investigating the leak of millions of Indian job-seekers’ personal details on the dark web, two more similar instances have come to light in the last 12 hours.
The fresh leaks include nearly 2,000 Aadhaar cards and details of 18 lakh Indians, all available for free.
The leak of nearly 2.9 crore job-seekers’ details was discovered by Cyble Inc., a U.S.-based cyber intelligence firm, which has been trying to trace the source of the leak and identify the perpetrators. Cyble founder Beenu Arora said the Aadhaar cards were posted on the dark web some time in the last 12 hours.
“We are not sure of how this leak happened. There is a known perpetrator who just decided to drop this. In terms of the leak itself, it has approximately 2,000 Aadhaar cards. A large number of files appear to have originated from 2019, and several IDs were scanned from mobile cameras, and often transferred to other parties via WhatsApp. It’s highly likely that more IDs may have been compromised, and the perpetrator decided to share only a small subset. We are still looking into this further,” Mr. Arora told The Hindu.
Cyble researchers said the Aadhaar cards and the job-seekers’ details were posted by different entities, each with a different level of reputation on the dark net.
“The Aadhaar leak actor also published a second leak whereby they dropped details of 18 lakh residents of Madhya Pradesh for free on May 19. We identified this leak during our investigations into the jobseeker data,” Mr. Arora said.
State and Central cybercrime agencies have also initiated their own investigations into the matter, sources confirmed.
Meanwhile, Cyble researchers have received an anonymous tip-off according to which the job-seekers’ data leak was the result of an unprotected Elasticsearch instance — a tool that collects data from a wide range of locations on the Internet in accordance with the requirements of the person conducting the search, and allows the user to analyse large troves of data in real time from all over the Internet.
“The claim made by the anonymous entity that an unprotected Elasticsearch instance was the root cause behind the jobseeker data leak is unverifiable at this stage, as we haven’t been given the technical evidence yet. We are approaching other research communities to gather more facts,” Mr. Arora said.