India's government was finally able to resolve a significant breach where sensitive data of citizens, including Aadhaar numbers, COVID-19 vaccination data, passport details, names, phone numbers, and addresses was exposed online due to a misconfiguration in the government's cloud service called S3WaaS.
The breach was found by security researcher Sourajeet Majumder in 2022 who reported it to India's Computer Emergency Response Team (CERT-In). Despite initial acknowledgement and actions by CERT-In to remove links containing sensitive files from public search engines, ongoing exposures of private data persisted.
A US-based cybersecurity firm Resecurity had found in October 2023 that threat actors were selling this information on the dark web. The data contained records of more than 815 million Indian citizens and is considered one of the largest breaches in the history of the country. The threat actors claimed that the information was sourced from COVID-19 test details of citizens registered with the Indian Council of Medical Research (ICMR). ICMR's website is part of the Indian government's entities and is highly probable to be hosted on S3WaaS. The exposed data posed risks of identity thefts, scams, and potential privacy violations, especially concerning sensitive health information like COVID test results and vaccine records.
The Indian government's S3WaaS cloud service, which stands for "Secure, Scalable, and Sugamya Website as a Service", allows government entities to easily generate, host, and manage websites under the GOV.IN or NIC.IN domain, like ICMR's. Despite its name, the cloud platform has come under scrutiny due to significant data breaches and leaks in the past as well.
India faces major challenges in cybersecurity due to a lack of comprehensive cybersecurity laws and regulations. While attempts have been made by established bodies such as CERT-In, there still appears to be a long way to go before a comprehensive national security structure is in place.
Source: TechCrunch
4 Comments - Add comment