© 2022 CyberNews - Latest tech news,
product reviews, and analyses.

If you purchase via links on our site, we may receive affiliate commissions.

Sensitive records of over 280m Indian citizens exposed


The leak includes sensitive personal information on India’s residents, such as government-issued Universal Account Numbers (UAN), bank account numbers, and income data.

Two unprotected IPs containing Elasticsearch indices named ‘UAN’ were discovered earlier this week. The first cluster contained over 280m records, while the second had around 8m records.

UAN stands for Universal Account Number. A 12-digit number is assigned by the employer and issued by India’s Ministry of Labour and Employment. UAN is similar to a social security number (SSN) used in the United States.

Researchers at the cybersecurity firm SecurityDiscover who made the discovery noted that each record was full of extremely sensitive information. The open dataset included citizens’ names, addresses, dates of birth, bank account numbers, the Indian Financial System Code (IFCS), and many more bits of personally identifiable information (PII).

Sensitive records of over 280m Indian citizens exposed
Sample of leaked data. Image by SecurityDiscovery.

According to Bob Diachenko, CEO of SecurityDiscover, it was not clear who the data owner was, although it was evident the host was in India.

“Both IPs were Azure-hosted and India-based. No other information was obtained through reverse DNS analysis as well. Both Shodan and Censys search engines picked them up on Aug 1st, but it is unknown for how long this information was exposed before search engines indexed them,” Diachenko wrote in a blog.

Diachenko said that the datasets were closed 12 hours after he made the discovery public on Twitter. Other researchers did not discover the dataset on the dark web marketplaces either.

SecurityDiscover discovered the dataset during a routine, open-source intelligence (OSINT) investigation.

If confirmed, the leak would be the second major Asia-based data incident in a month. At the start of July, hackers put up a massive database from the Shanghai police for sale. The dataset allegedly included information on 1 billion Chinese citizens.


More from Cybernews:

Post-quantum encryption algorithms under rigorous scrutiny: expect more hacks

Baseball card Mark Zuckerberg had made for him as a kid will go up for auction

Tutanota calls for a tighter grip on Big Tech

Ukraine dismantled million-strong disinformation bot farm

Winamp is back after revamp; nostalgia-inducing looks intact

Subscribe to our newsletter



Leave a Reply

Your email address will not be published. Required fields are marked