Provident fund data of 28 crore Indian citizens leaked, claims researcher
The researcher has brought the matter to the notice of the Indian Computer Emergency Response Team (CERT-In). The agency replied to the tweet by asking Diachenko to share a report of the incident with the agency via email.
PF Account data leaked
In a LinkedIn post, Diachenko explained how on August 2nd, two search engines from his SecurityDiscovery firm identified two separate IPs containing indices called “Universal Account Number” or UAN. UAN is a unique 12-digit number allotted by the Employees’ Fund Organisation to a Provident Fund holder. The first IP contained 280,472,941 records and the second IP had 8,390,524 records.
Diachenko ran a review of these samples and realised that it was “something big and important.” Diachenko said that, considering the scale and sensitivity of the matter, he decided to take the revelation to Twitter and LinkedIn. Within 12 hours of his tweet, both the IPs became unavailable as they were taken down. He also revealed that these two IPs were based in India and operated on Microsoft’s Azure cloud, and that even after a reverse DNS analysis the source of the hackers could not be traced.
Even though the hacking was identified earlier this month, the exact date of the leak still cannot be determined, according to Diachenko. Thus, how long this information was available online before the system could identify it is a mystery for now. It is important to note that this information can be used to create fake identities and documents and to gain access to the respective PF accounts.