Sanghamitra Car, New Delhi
A data leak involving the mobile payment app BHIM has been reported, exposing the personal records of more than 7 million users in India. This was stated in a report by the Israeli cyber security website vpnMentor. However, the National Payments Corporation of India (NPCI) has rejected the claim of a data leak. According to the vpnMentor report, the 409 gigabytes of leaked data include personal information such as Aadhaar card details, caste certificates, proof of residence, bank records and complete profiles of people.
Security firm explains how the data leaked
According to vpnMentor's investigation, a BHIM website was used in a campaign to sign up users and business merchants to the app. Some of the related data was placed in a misconfigured Amazon Web Services S3 bucket and was readily available to everyone. According to the report, the S3 bucket held records from February 2019. S3 buckets are a form of cloud storage, but developers have to set up the security protocols on their own accounts. The website was developed by CSC e-Governance Services in partnership with the Government of India.
Hackers and criminals could take advantage
The cyber security firm said in a statement, “The level of leaked data is very high, which can affect millions of people across the country. This can lead to hackers and cybercriminals making people victims of fraud, theft and attacks.” vpnMentor cyber security researchers Noam Rotem and Ran Locar said, “The volume of leaked sensitive and private data, including UPI IDs and document scans, makes this breach more worrying.” They said that the exposure of BHIM user data is just as if a hacker had obtained the account information of millions of users along with the entire data infrastructure of a bank. The flaw was reported in April and was fixed late last month.
NPCI said no data breach occurred
The National Payments Corporation of India (NPCI) has said, “We have received information about some news reports which have said that there was a data breach in the BHIM app. We want to clarify that there is no data breach in the BHIM app and ask everyone to avoid such speculation. NPCI uses top-class security and an integrated approach to protect its infrastructure.” Economic Times has also e-mailed CSC e-Governance Services India regarding this news, but no reply has been received yet.