Saturday, May 17, 2025
HomeComputer SecurityIndian Provident Fund Portal Hacked: Attackers May have been Stolen 27...

Indian Provident Fund Portal Hacked: Attackers May have been Stolen 27 Million Users Sensitive Data

Published on

SIEM as a Service

Follow Us on Google News

A cyber Attack launch into Indian Provident Fund Portal called “Employees  Provident Fund Organization(EPFO)” and hackers may have been stolen around 27 Million registered peoples sensitive data.

The personal and professional details of about 27 Million Indian Peoples registered with the retirement fund body Employees Provident Fund Organisation (EPFO).

A hacked website (Aadhaar.epfoservices.com)provides an Aadhaar Seeding Service for EPFO that has been managed under Indian Government infrastructure called Information and Communication Technology (ICT).

- Advertisement - Google News

Attackers Exploiting two critical vulnerabilities calledStruct Vulnerability  &  Backdoor shell”  which exists on the hacked website that allow an attacker to successfully compromise the website and gave access to stolen the million of Peoples Sensitive Data.

“backdoor shells” allows hackers gaining control of a portal’s administrator privileges and “Apache Struts”, a widely used Java application that contains a critical vulnerability.

This Attack was launched to target an Aadhaar number and cybercriminals may have been stolen a huge amount of data and the breach has been notified on 22/03/2018.

Letter from VP Joy, Central Provident Fund Commissioner

In the letter checked “secret”, the official composed that the Intelligence Bureau (IB) had Informed them of”hackers exploiting the vulnerabilities prevailing in the website (aadhaar.epfoservices.com) of EPFO.

EPFO is just one of many government departments that use this platform for Aadhaar-seeding various services.

Cyber Security Experts Said, “Each person contributes 12% of salary as provident fund, so salary details could also have been stolen. Also the bank account numbers as people tend to withdraw their PF,”.

The report additionally includes that the central provident fund commissioner has asked the service’s specialized staff to plug vulnerabilities on the entryway that has now been temporarily shut down. For the obscure, the entrance interfaces the Aadhaar number of all workers with their provident fund accounts.

The hacked website contains information about the names and addresses of EPF subscribers besides their employment history.

Few Month before  Indian Aadhaar Details Exposed in Public by More than 200 Government Websites.

Aadhaar Officials said “This matter does not pertain at all to any Aadhaar data breach from UIDAI servers. There is absolutely no breach into Aadhaar database of UIDAI. Aadhaar data remains safe and secure,”.

Balaji
Balaji
BALAJI is an Ex-Security Researcher (Threat Research Labs) at Comodo Cybersecurity. Editor-in-Chief & Co-Founder - Cyber Security News & GBHackers On Security.

Latest articles

VMware ESXi, Firefox, Red Hat Linux & SharePoint Hacked – Pwn2Own Day 2

Security researchers demonstrated their prowess on the second day of Pwn2Own Berlin 2025, discovering...

Critical WordPress Plugin Flaw Puts Over 10,000 Sites of Cyberattack

A serious security flaw affecting the Eventin plugin, a popular event management solution for...

Sophisticated NPM Attack Leverages Google Calendar2 for Advanced Communication

A startling discovery in the npm ecosystem has revealed a highly sophisticated malware campaign...

New Ransomware Attack Targets Elon Musk Supporters Using PowerShell to Deploy Payloads

A newly identified ransomware campaign has emerged, seemingly targeting supporters of Elon Musk through...

Resilience at Scale

Why Application Security is Non-Negotiable

The resilience of your digital infrastructure directly impacts your ability to scale. And yet, application security remains a critical weak link for most organizations.

Application Security is no longer just a defensive play—it’s the cornerstone of cyber resilience and sustainable growth. In this webinar, Karthik Krishnamoorthy (CTO of Indusface) and Phani Deepak Akella (VP of Marketing – Indusface), will share how AI-powered application security can help organizations build resilience by

Discussion points


Protecting at internet scale using AI and behavioral-based DDoS & bot mitigation.
Autonomously discovering external assets and remediating vulnerabilities within 72 hours, enabling secure, confident scaling.
Ensuring 100% application availability through platforms architected for failure resilience.
Eliminating silos with real-time correlation between attack surface and active threats for rapid, accurate mitigation

More like this

Phishing Campaign Uses Blob URLs to Bypass Email Security and Avoid Detection

Cybersecurity researchers at Cofense Intelligence have identified a sophisticated phishing tactic leveraging Blob URIs...

UK Government to Shift Away from Passwords in New Security Move

UK government has unveiled plans to implement passkey technology across its digital services later...

New Spam Campaign Leverages Remote Monitoring Tools to Exploit Organizations

A sophisticated spam campaign targeting Portuguese-speaking users in Brazil has been uncovered by Cisco...