About 72.6 lakh records related to users of the mobile payment app ‘BHIM’ were publicly exposed on a website, security researchers have discovered.
According to the report by the VPN review website ‘VPNMentor’, the exposed data includes names, dates of birth, ages, genders, home addresses, caste, Aadhaar card details and other sensitive information. Security researchers at ‘VPNMentor’ wrote in a blog post, ‘The level of data exposed is extraordinary; it has affected millions of people across the country and left them open to being targeted by potentially dangerous fraud, theft, hackers and cyber criminals.’
This security lapse was closed at the end of last month, after the researchers contacted India’s Computer Emergency Response Team (CERT-In) twice in the same month. The BHIM website was developed by a company called CSC e-Governance Services Limited in association with the Government of India. According to the researchers, “data in this case was collected in an unsecured Amazon Web Services (AWS) S3 bucket.”
They also stated that S3 buckets are a popular form of cloud storage worldwide, but developers have to set up security protocols on their accounts. The researchers said, ‘We contacted the website developers to tell them about the misconfiguration in their S3 buckets and offered our assistance. When no response was received, we contacted CERT-In.’ According to the report, records remain in the S3 bucket only for a short period, but even in that short period more than 7 million records became public.