New Delhi: The data of mobile payment app Bheem (BHIM) has revealed a case of burglary. This has leaked the personal records of more than 7 million users in India. This was said in a report by Israeli cyber security website vpnMentor. However, the National Payments Corporation of India (NPCI) has rejected this claim of data leak. At the same time, Israel’s cyber security website has said in its report that 409 gigabyte data leaks include personal information such as Aadhaar card details, Cast certificates, Residence proof, bank records and complete profiles of people.
Security firm told how the leaked data
According to vpn Mentor’s investigation, the Bhima (BHIM) website was used to sign-up users and business merchants to the app in a campaign. Some of its related data was placed in a mis configured Amazon Web Services S3 bucket and was readily available to everyone. According to the report, the S3 bucket had records from February 2019. S3 buckets are a form of cloud storage, but developers have to create security protocols in their accounts. The website has been developed by CSC e-Governance Services in partnership with the Government of India.
Hackers and Criminals can hunt
The cyber security firm said in a statement, “The level of leaked data is very high, which can affect millions of people across the country. This can lead to hackers and cyber criminals making people a victim of fraud, theft and attacks. ‘ Cyber Security researchers from vpnMentor Noam Rotem and Ran Locker have said, “The volume of leaked sensitive and private data, including UPI IDs, document scans, makes this breach more worrying.” He has said that the exposure of Bheem user data is exactly the same as if a hacker has got account information of millions of users along with the entire data infrastructure of a bank. The bug was reported in April, which was fixed late last month.
NPCI said no data breach occurred
National Payments Corporation of India (NPCI) has said, ‘We have received information from some news reports, which have said that data breach in Bheem app. We want to clarify that there is no data breach in the Bheem app and will ask everyone to avoid such speculation. NPCI uses top-class security and integrated approach to protect its infrastructure. Economic Times has also e-mailed CSC e-Governance Services India regarding this news, but no reply has been received yet.