New Delhi: Personal details of 7 million Indians on the digital pockets Bhim’s web site have been exposed in a data leak, claimed an Israeli cyber safety agency vpnMentor.
It claimed that there was no safety protocol in place to forestall hackers from breaching the server. The data was saved on a misconfigured Amazon Web Services S3 bucket and was publicly accessible.
“The developers of the CSC/BHIM website could have easily avoided exposing user data if they had taken some basic security measures to protect the data,” it mentioned.
It claimed that “a massive amount of incredibly sensitive financial data connected to the BHIM mobile payment app was exposed to the public”.
Parts of data have been being saved “on a misconfigured Amazon Web Services S3 bucket and was publicly accessible”, it mentioned.
In their research, cybersecurity researchers Noam Rotem and Ran Locar mentioned publicity of BHIM consumer data is akin to a hacker having access to your complete data infrastructure of a financial institution, together with tens of millions of its customers” account data.
Govt denies BHIM data breach
The National Payments Corporation of India (NPCI) has issued an announcement saying there was no compromise of data on the BHIM app.
“We would like to clarify that there has been no data compromise at BHIM App and request everyone to not fall prey to such speculations,” an announcement from state-run National Payments Corporation of India mentioned.
It added that the physique follows a excessive degree of safety and an built-in strategy to guard its infrastructure and proceed to offer a strong funds ecosystem.