Data Breach of CSC Website Exposed Data of Over 7 Million BHIM Users

A cybersecurity firm based in Israel has reported that a misconfigured cloud storage server storing user data of the BHIM app was breached, resulting in the theft of over 1 million user IDs and passwords. The incident was reported by vpnMentor, a company that specializes in cybersecurity research.

The caretaker and developer of the official BHIM website where the sensitive data is kept is apparently Common Services Center (CSC) e-Governance Services LTD. It is also partly managed by the Indian Government.

The website CSC established to promote BHIM usage across India and sign up new merchant businesses was misconfigured and exposed over 7 million records.

The breach of the CSC website exposed the data of over 7 million BHIM users, around 409GB in total. It contains sensitive information such as scans of Aadhaar cards with the number, name, gender, DOB, PAN number, UPI IDs, scanned copies of religious and caste certificates, photos of users along with residential addresses, professional degrees and certificates, screenshots of financial and banking apps, and scans of fingerprint impressions.

This vulnerability was first discovered on April 23rd, and the Computer Emergency and Response Team (CERT-In) responded to the complaints on the following day. The security gaps in the website were closed on May 22.

The cybersecurity researchers who discovered the data leak said that the sheer volume of sensitive, private data exposed, along with UPI IDs, document scans, and more, makes this breach deeply concerning. The exposure of BHIM user data is akin to a hacker gaining access to the entire data infrastructure of a bank, along with millions of its users’ account information.

The cybersecurity firm said in a statement that the exposed data affects millions of people all over India and exposes them to potentially devastating fraud, theft, and attack from hackers and cyber criminals.

NPCI statement on CSC website data breach: “We have come across some news reports which suggest data breach at BHIM App. We would like to clarify that there has been no data compromise at BHIM App and request everyone to not fall prey to such speculations. NPCI follows high level of security and an integrated approach to protect its infrastructure and continue to provide a robust payments ecosystem.”

There have been no cases of misuse of the leaked user data, but users are warned not to share any OTP or respond to any calls or emails that seek their bank account details, and we suggest you do the same. It is always better to keep yourself safe, but it is just crazy that even if you follow all safety protocols, your data is still at risk.

How to browse the internet safely and responsibly:

  1. Use a VPN when possible. A virtual private network (VPN) encrypts your traffic and helps keep your online activity private. VPNs are especially useful for protecting your privacy when you’re using public Wi-Fi networks, such as at a coffee shop or airport.
  2. Use common sense when online. Be aware of who you’re talking to, what you’re sharing, and how much information you’re giving away. Don’t share personal information, passwords, or other sensitive information online without first being sure that the person you’re talking to is who they say they are and that the information you’re sharing is safe to share.
  3. Be aware of scams online. Scams involve people pretending to be from reputable companies or organizations in order to steal your personal information or money. Be especially careful of emails that ask for your bank account number or other sensitive information in order to process a payment; these emails are likely scams.