Powered by MOMENTUM MEDIA
cyber daily logo
Breaking news and updates daily. Subscribe to our Newsletter

Biometric data of more than 800m Indians briefly on sale on hacking forum

A user on a popular hacking forum offers up access to a treasure trove of personal data – then deleted their post.

user icon David Hollingworth
Thu, 02 Nov 2023
Biometric data of more than 800m Indians briefly on sale on hacking forum
expand image

A hacker on a popular clear web hacking forum has caused quite a stir, offering up for sale a database containing the biometric data and passports of more than 815 million Indian citizens.

A user called pwn0001 made an initial post on 9 October, saying: “Indian citizen’s data contain many sensitive fields like Aadhar number and passport number.”

“Never sold this data anywhere or anyone before it’s latest private data,” the post read.

============
============

Included in the data were name and address details, phone number, father’s name, and the aforementioned passport details and Aadhaar number. A sample file of 100,000 lines was included as proof of the data’s providence, which – according to researchers at security firm Resecurity – appears quite legitimate.

Aside from the sheer number of people impacted – India has a total population of nearly 1.5 billion people, so that leak covers over half of the entire country – the addition of the Aadhaar number is particularly worrying.

Aadhaar is the largest biometric ID system in the world, one that World Bank former chief economist Paul Romer called “the most sophisticated ID programme in the world” in 2018. It is a 12-digit number that any Indian citizen can apply for and is administered by the Unique Identification Authority of India. Foreign nationals who have spent long enough in India can also apply for an Aadhaar number.

The 12-digit number combines biometric data with demographic information, can be used as proof of residence, and can be linked to government services and even bank accounts. There are plans to link the Aadhaar to voter registration in the future.

The source of the breach appears to be the Indian Council of Medical Research, according to Indian press, and was initially taken from COVID-19 test results.

The Indian government initially denied the breach, but investigations are ongoing.

Security researchers contacted the seller and were told the price for the entire dataset was US$80,000 and that, as of mid-October, there were no buyers.

However, after Resecurity disclosed the breach, the seller deleted the post around 31 October – leaving quite a few other forum members disappointed.

“Really want to see this data if anyone has sample for it let me know,” one member posted in a thread referencing an article on the leaked data.

“No passwords? If someone sees it, please post a link!” another wrote.

Other sellers are now offering Aadhaar details, alongside driver’s licences and voter ID cards. A member called Blastoise – after the Pokemon of the same name – has 35,000 “unique documents” for sale, while another called Lucius has posted twice with different datasets of Indian personally identifiable information for sale, totalling nearly two terabytes in size.

And, again, Adhaar numbers are part of the data.

The stolen data is more than enough for threat actors to engage in a variety of fraudulent activity, from identity theft to banking fraud and more. In fact, an uptick in such activity has already been observed.

“Resecurity observed a spike in incidents involving Aadhaar IDs and their leakage on underground cyber criminal forums by threat actors looking to harm Indian nationals and residents,” Resecurity said in a blog post.

“It is expected to see growth of such data leaks involving AADHAAR records in the future, including those which happened due to the insecurity of third parties.”

David Hollingworth

David Hollingworth

David Hollingworth has been writing about technology for over 20 years, and has worked for a range of print and online titles in his career. He is enjoying getting to grips with cyber security, especially when it lets him talk about Lego.

newsletter
cyber daily subscribe
Be the first to hear the latest developments in the cyber industry.