NEW DELHI: Identity documents of 5,000 Indian residents, including Aadhaar, driver’s license, passport, and PAN, were leaked on the dark web by a suspected Pakistani hacker.
Further investigation has revealed that the same individual also allegedly exposed the material on publicly available forums. All hacked sensitive data is now searchable via Google.
The alleged Pakistani cybercriminal “sold” the identification documents of about 5,000 Indians to both private Telegram channels and publicly available forums, which significantly increases the risk of identity theft. With a simple Google search, anyone may now have access to the identification documents of thousands of residents.
Saumay Srivastava, Threat Intelligence Researcher and Founder of ThreatCops.com, made the disclosure after discovering an alleged “Pakistani” forum on the dark web where a group of suspected threat actors communicates via secret Telegram channels. Saumay Srivastava concealed his identity and posed as a member of the gang.
The majority of chats in the group were conducted in Urdu, and the channel’s profile has images of the Pakistani flag. After following the conversations for several days, he discovered that “they claim to have different data dumps of Indian government organisations, including Indian Railways and several corporate entities as well.”
After that, a threat actor “provided a link to a 5.5 GB dump of Aadhaar and PAN cards.” It included scanned copies of 1,059 Aadhaar and PAN cards as well.
Saumay informed CERT-In and the director of UIDAI (Unique Identification Authority of India) about the incident.
Further investigation revealed that what is purported to be the same threat actor was releasing compromised material on leak forums accessible to the public. A website exposed roughly 4,000 additional Aadhaar cards, PAN cards, passports, and driver’s licences. The suspected threat actor uploaded dozens of Netflix account credentials on this hacker’s forum, including passwords and international identification documents.
The leaked Aadhaar/PAN documents have been independently verified as authentic.
Here is an excerpt from an exclusive interview with Saumay Srivastava:
How Did You Find This Leak?
While investigating, I found a forum where a user uploaded an approximately 5.5 GB dump link of Aadhaar and PAN cards. After that, he shared a Telegram channel link on the corresponding thread, where I found a group of Pakistani (assuming) threat actors communicating through private Telegram channels. I joined that forum to gather intelligence and leads about it. After constant monitoring for a week, I noticed that all the posts/communication were generally done in Urdu, and many users even used Persian emojis of the respective countries where they discussed things about crypto and binaries.
So I kept a trail by translating all the conversations done between them; I found that they claim to have various data dumps of the Indian government and some corporate players as well. After monitoring for a few days and being disguised amongst them, I noticed that a threat actor named: my_gulf2 posted screenshots of profits of some crypto dealing between both.
I linked my investigation through OSINT to Clearnet. I used to link whatever lead/intel I used to get from forums of Darkweb to Surface web to get more IOCs. Soon after gathering leads, I started analysing them through certain Dorks, linkages and coverage on public platforms on the Surface web. After monitoring this group of threat actors for one week, I got enough intel to form a report. I reported this to CERT-In and UIDAI.
What Trouble Can The Leak Of This Data Cause?
As you know, documents like Aadhaar are sensitive, and exposure on the dark web is a significant issue of concern. Places where these details are uploaded are publicly available (accessible to all), and sources where this data is uploaded aren’t popular yet but can be in the near future and result in getting your information leaked to the general public/threat actors who can use this information with malicious intent.
What Precautions Can Be Taken?
Although it is still unknown where they got that data, government websites with weak security configurations constitute a significant issue.