Thursday, April 18, 2024

Indian Provident Fund Portal Hacked: Attackers May have been Stolen 27 Million Users Sensitive Data

A cyber Attack launch into Indian Provident Fund Portal called “Employees  Provident Fund Organization(EPFO)” and hackers may have been stolen around 27 Million registered peoples sensitive data.

The personal and professional details of about 27 Million Indian Peoples registered with the retirement fund body Employees Provident Fund Organisation (EPFO).

A hacked website (Aadhaar.epfoservices.com)provides an Aadhaar Seeding Service for EPFO that has been managed under Indian Government infrastructure called Information and Communication Technology (ICT).

Attackers Exploiting two critical vulnerabilities calledStruct Vulnerability  &  Backdoor shell”  which exists on the hacked website that allow an attacker to successfully compromise the website and gave access to stolen the million of Peoples Sensitive Data.

“backdoor shells” allows hackers gaining control of a portal’s administrator privileges and “Apache Struts”, a widely used Java application that contains a critical vulnerability.

This Attack was launched to target an Aadhaar number and cybercriminals may have been stolen a huge amount of data and the breach has been notified on 22/03/2018.

Letter from VP Joy, Central Provident Fund Commissioner

In the letter checked “secret”, the official composed that the Intelligence Bureau (IB) had Informed them of”hackers exploiting the vulnerabilities prevailing in the website (aadhaar.epfoservices.com) of EPFO.

EPFO is just one of many government departments that use this platform for Aadhaar-seeding various services.

Cyber Security Experts Said, “Each person contributes 12% of salary as provident fund, so salary details could also have been stolen. Also the bank account numbers as people tend to withdraw their PF,”.

The report additionally includes that the central provident fund commissioner has asked the service’s specialized staff to plug vulnerabilities on the entryway that has now been temporarily shut down. For the obscure, the entrance interfaces the Aadhaar number of all workers with their provident fund accounts.

The hacked website contains information about the names and addresses of EPF subscribers besides their employment history.

Few Month before  Indian Aadhaar Details Exposed in Public by More than 200 Government Websites.

Aadhaar Officials said “This matter does not pertain at all to any Aadhaar data breach from UIDAI servers. There is absolutely no breach into Aadhaar database of UIDAI. Aadhaar data remains safe and secure,”.

Website

Latest articles

Xiid SealedTunnel: Unfazed by Yet Another Critical Firewall Vulnerability (CVE-2024-3400)

In the wake of the recent disclosure of a critical vulnerability (CVE-2024-3400) affecting a...

Cerber Linux Ransomware Exploits Atlassian Servers to Take Full Control

Security researchers at Cado Security Labs have uncovered a new variant of the Cerber...

FGVulDet – New Vulnerability Detector to Analyze Source Code

Detecting source code vulnerabilities aims to protect software systems from attacks by identifying inherent...

North Korean Hackers Abuse DMARC To Legitimize Their Emails

DMARC is targeted by hackers as this serves to act as a preventative measure...

L00KUPRU Ransomware Attackers discovered in the wild

A new variant of the Xorist ransomware, dubbed L00KUPRU, has been discovered in the...

Oracle Releases Biggest Security Update in 2024 – 372 Vulnerabilities Are Fixed – Update Now!

Oracle has released its April 2024 Critical Patch Update (CPU), addressing 372 security vulnerabilities...

Outlook Login Panel Themed Phishing Attack Evaded All Antivirus Detections

Cybersecurity researchers have uncovered a new phishing attack that has bypassed all antivirus detections.The...
Balaji
Balaji
BALAJI is an Ex-Security Researcher (Threat Research Labs) at Comodo Cybersecurity. Editor-in-Chief & Co-Founder - Cyber Security News & GBHackers On Security.

WAAP/WAF ROI Analysis

Mastering WAAP/WAF ROI Analysis

As the importance of compliance and safeguarding critical websites and APIs grows, Web Application and API Protection (WAAP) solutions play an integral role.
Key takeaways include:

  • Pricing models
  • Cost Estimation
  • ROI Calculation

Related Articles