Financial data of BHIM customers was leaked online by malicious actors.
BHIM stands for Bharat Interface for Money, and has become one of the widely used payment methods throughout the country. With the concept of Digital India promoted by the Indian government, people have started using this payment option, as it is declared safe and fast for money transfers.
BHIM was launched in 2016 by the National Payments Corporation of India and has gained popularity ever since. The researchers have revealed that 409 GB of data was publicly accessible after the exposure and could be used by anyone, with any sort of intention.
The leaked information may include personally identifiable information such as bank records, Aadhaar card images, residential status and proof, caste certificates, and full profiles of BHIM customers. The research shows that the data of users and businesses was kept in a misconfigured Amazon Web Services (AWS) S3 bucket.
The leaked data totals 409 GB, and the misconfiguration made all of it publicly available. The exposed data also includes UPI identifiers, which were kept public to ensure transparency during transactions.
Therefore, it isn’t possible that Aadhaar card data could be exposed to the public. Apart from personal data, the portal’s static pages, pictures, PDF files, e-text, and awareness videos were also made public.
The researchers informed the Computer Emergency Response Team (CERT-In), India’s main cybersecurity agency, about the incident. NPAV recommends that users keep an eye out for phishing and malware attacks that could be initiated using the exposed information.
Use NPAV and join us on a mission to secure the cyber world.