HackingTech NewsTrending

BHIM App Exposes Data of More than 7 Million Indian Data

Isreal cybersecurity researcher firm vpnmentor has reported a data leak that exposed data of more than 7 million BHIM app users through a misconfigured S3 bucket.

The exposed data includes financial details, photos, Aadhaar and PAN card details of more than seven million users and also private data such as name, home address, Aadhaar card details, bank records, along with a complete profile of individuals.

All related data from this campaign was being stored on a misconfigured Amazon Web Services S3 bucket and was publicly accessible

vpnmentor said

BHIM (Bharat Interface for Money) is an Indian mobile payment app developed by the National Payments Corporation of India (NPCI), based on the Unified Payments Interface (UPI) in 2016 and by the end of 2017, it has gained 12.5 million users. It was started with an initiative to facilitate safe, easy & instant digital payments through your mobile phone.

BHIM Users Data Leak 

The firm said that the data was stored on an unsecured Amazon Web Services (AWS) S3 bucket. The exposed BHIM app data was labeled as “csc-bhim” on the S3 bucket.

bhim app hacked
Bhim upi leaked

Amazon S3 bucket is a public cloud storage resource available in Amazon Web Services‘ (AWS).

After identifying the data leak the frim contacted developers of cscbhim.com but after getting no response from them they contacted India’s Computer Emergency Response Team (CERT-In)  that handles cybersecurity in India.

The exposed data includes highly sensitive, including many documents needed to open an account on BHIM

  • Scans of Adhaar cards – India’s national ID
  • Permanent Account Number (PAN) cards
  • Professional certificates, degrees, and diplomas
  • Scans of Caste certificates
  • Screenshots of financial and banking apps as proof of fund transfers
  • Photos used as proof of residence

The exposed data also includes personal data of the users such as name, home address, caste status, biometric data, Profile and ID photos, gender, government ID.

The exposed data includes massive CSV lists of merchant businesses signed up to BHIM, along with the business owner’s UPI ID number.

The misconfigured app also includes an APK. AWS Key pairs are equivalent to admin user/password in Amazon’s infrastructure giving the key access to the data gives an attacker an ability to start, stop, and control the server.

The sheer volume of data makes the data leak more concerning and the exposure of the APK in the server makes it even more concerning. Any skilled hacker can use his skills to target BHIM cloud storage and target it with malware and spyware to gain persistent access to the servers.

Satender Kumar

A Blogger always fascinated with the technology and gather as much amount of knowledge from the internet. Loves to share the knowledge with the others and always available to play chess.

Leave a Reply

Your email address will not be published. Required fields are marked *

1 × two =

Back to top button
Do NOT follow this link or you will be banned from the site!