Fresh personal details leaks detected on dark web

These include 2,000 Aadhaar cards and data of 18 lakh Indians

May 24, 2020 10:05 pm | Updated May 25, 2020 07:19 pm IST - Mumbai

A screenshot of some of the data on the dark web.

A screenshot of some of the data on the dark web.

Even as cybercrime agencies and experts are investigating the leak of millions of Indian job-seekers’ personal details on the dark web, two more similar instances have come to light in the last 12 hours.

The fresh leaks include nearly 2,000 Aadhaar cards and details of 18 lakh Indians, all available for free.

The leak of nearly 2.9 crore job-seekers’ details was discovered by Cyble Inc., a U.S.-based cyber intelligence firm, which has been trying to trace the source of the leak and identify the perpetrators. Cyble founder Beenu Arora said the Aadhaar cards were posted on the dark web some time in the last 12 hours.

“We are not sure of how this leak happened. There is a known perpetrator who just decided to drop this. In terms of the leak itself, it has approximately 2,000 Aadhaar cards. A large number of files appear to have originated from 2019, and several IDs were scanned from mobile cameras, and often transferred to other parties via WhatsApp. It’s highly likely that more IDs may have been compromised, and the perpetrator decided to share only a small subset. We are still looking into this further,” Mr. Arora told The Hindu .

Cyble researchers said the Aadhaar cards and the job seekers’ details were posted by different entities, both with a different level of reputation on the dark net.

Second leak

“The Aadhaar leak actor also published a second leak whereby they dropped details of 18 lakh residents of Madhya Pradesh for free on May 19. We identified this leak during our investigations into the jobseeker data,” Mr. Arora said.

State and Central cybercrime agencies have also initiated their own investigations into the matter, sources confirmed.

Meanwhile, Cyble researchers have received an anonymous tip off according to which the jobseekers’ data leak was the result of an unprotected Elasticsearch instance — a tool that collects data from a wide range of locations on the Internet in accordance with the requirements of the person conducting the search, and allowing the user to analyse large troves of data in real time from all over the Internet.

“The claim made by the anonymous entity that unprotected Elasticsearch instance was the root cause behind the jobseeker data leak is unverifiable at this stage, as we haven’t been given the technical evidence yet. We are approaching other research communities to gather more facts,” Mr. Arora said.

0 / 0
Sign in to unlock member-only benefits!
  • Access 10 free stories every month
  • Save stories to read later
  • Access to comment on every story
  • Sign-up/manage your newsletter subscriptions with a single click
  • Get notified by email for early access to discounts & offers on our products
Sign in


Comments have to be in English, and in full sentences. They cannot be abusive or personal. Please abide by our community guidelines for posting your comments.

We have migrated to a new commenting platform. If you are already a registered user of The Hindu and logged in, you may continue to engage with our articles. If you do not have an account please register and login to post comments. Users can access their older comments by logging into their accounts on Vuukle.