The leak includes sensitive personal information on India’s residents, such as government-issued Universal Account Numbers (UAN), bank account numbers, and income data.
Two unprotected IPs containing Elasticsearch indices named ‘UAN’ were discovered earlier this week. The first cluster contained over 280m records, while the second had around 8m records.
UAN stands for Universal Account Number. A 12-digit number is assigned by the employer and issued by India’s Ministry of Labour and Employment. UAN is similar to a social security number (SSN) used in the United States.
Researchers at the cybersecurity firm SecurityDiscover who made the discovery noted that each record was full of extremely sensitive information. The open dataset included citizens’ names, addresses, dates of birth, bank account numbers, the Indian Financial System Code (IFCS), and many more bits of personally identifiable information (PII).
According to Bob Diachenko, CEO of SecurityDiscover, it was not clear who the data owner was, although it was evident the host was in India.
“Both IPs were Azure-hosted and India-based. No other information was obtained through reverse DNS analysis as well. Both Shodan and Censys search engines picked them up on Aug 1st, but it is unknown for how long this information was exposed before search engines indexed them,” Diachenko wrote in a blog.
Diachenko said that the datasets were closed 12 hours after he made the discovery public on Twitter. Other researchers did not discover the dataset on the dark web marketplaces either.
SecurityDiscover discovered the dataset during a routine, open-source intelligence (OSINT) investigation.
If confirmed, the leak would be the second major Asia-based data incident in a month. At the start of July, hackers put up a massive database from the Shanghai police for sale. The dataset allegedly included information on 1 billion Chinese citizens.
More from Cybernews:
Subscribe to our newsletter