Thousands of Indians' personal information relating to COVID-19 was leaked online.
Thousands of Indians' personal information has been sold on the dark web.
New Delhi: Thousands of people's personal information, including their names, mobile numbers, addresses, and COVID test results, has been leaked from a government server in India, and this information can be found through an online search.
The stolen information has been placed up for sale on the Raid Forums website, where a hacker claims to have the personal information of over 20,000 people.
The information posted on Raid Forums includes these individuals' names, ages, genders, phone numbers, addresses, dates, and the results of their COVID-19 reports.
Rajshekhar Rajaharia, a cyber security researcher, also tweeted that a content delivery network makes personally identifiable information (PII) such as names and COVID-19 results public (CDN).
He claimed that Google had indexed tens of thousands of files from the compromised system.
"PII including Name, MOB, PAN, Address etc of #Covid19 #RTPCR results & #Cowin data getting public through a Govt CDN. #Google indexed almost 9 Lac public/private #GovtDocuments in search engines. Patient’s data is now listed on #DarkWeb. Need fast deindex," Rajaharia said in his tweet.
PII including Name, MOB, PAN, Address etc of #Covid19 #RTPCR results & #Cowin data getting public through a Govt CDN. #Google indexed almost 9 Lac public/private #GovtDocuments in search engines. Patient's data is now listed on #DarkWeb. Need fast deindex#Infosec @IndianCERT pic.twitter.com/LgQxZZi8T6— Rajshekhar Rajaharia (@rajaharia) January 19, 2022
An email sent to the Ministry of Electronics and Information Technology received no response.
The disclosed data was intended for upload on the Co-WIN site, according to a sample document released on Raid Forums.
In terms of controlling and raising awareness about the COVID-19 pandemic, as well as its immunisation effort, the government has primarily relied on digital technologies. For COVID-19-related services and information, some government departments require that users utilise the Aarogya Setu app.
In a follow-up tweet on January 20, Rajaharia stated that he was not disclosing any vulnerabilities in this incident, but advised consumers to be wary of fraud calls, offers connected to COVID-19, and other similar offers they may receive as their data is sold on the dark web.
Cyber crooks and fraudsters frequently use data sold on the dark web to commit various types of fraud.