27.5 Crore Records Of Indian Citizens Data Left Exposed And Hijacked

Dhir Acharya


A report from Security Discovery researcher revealed that over 27.5 crores records of Indian people were left unprotected and hijacked by hackers.

A Wednesday report from Security Discovery researcher revealed that more than 27.5 crores records of Indian people were left unprotected and then hijacked by a group of hackers for over a fortnight. Expert Bob Diachenko informed that a huge MongoDB database of citizens in India was left exposed and anyone could access the data through Amazon AWS by using Shodan.

To be exact, the database included more than 275,265,298 records, which Diachenko discovered on May 1 unprotected and publicly indexed, exposing personal identifiable information (PII) of Indian citizens online for over two weeks. This included name, date of birth, gender, email, education level, as well as professional skills / functional area, specialization, cellphone number, current employer, employment history, and current salary.

The researcher posted this finding on Security Blog, where he noted that as shown by the historical data on the platform, the exposure of the database began on April 23, 2019. He wrote that on May 1, he found a publicly indexed, unprotected MongoDB database containing275,265,298 records including Indian citizens' PPI.

After his discovery, the researcher immediately informed Indian CERT team on May 1. However, the database was still exposed and accessible for another week, until May 8. Unistellar hacker group removed the data and left a coded message.

As per the researcher, he said that while the number of citizens affected may be smaller than the number of records, this is still among the biggest data breach ever reported in the field of Indian tech. Previously, he reported the missing of authentication, which allowed installing ransomware or malware on the MongoDB.

Next Story