Monday, February 10, 2025
HomeData BreachSerious Security flaw Employee’s Provident Fund organisation | EPFO

Serious Security flaw Employee’s Provident Fund organisation | EPFO

Published on

SIEM as a Service

Follow Us on Google News

Employee’s Provident Fund organisation a statutory body under ministry of labour and employement, an Universal Account Number (UAN) will be generated for each of the PF contributing members.e UAN will act as an umbrella for the multiple Member Ids allotted to an individual by different establishments.

Indian security firm Eioneus systems  discovered a serious security flaw on 3rd Dec 2016 and it was reported by them immediately to CERT-IN, NIC, and other government sources which were felt necessary  at the time.

As per the report’s available the issue was critical and it will give full access to the machine, which leads to compromise the entire system.The Tech team also disclosed the vulnerability behavior.

UAN

Snehil Khare official of Eioneus system clarified their intentions stating

“Our motive is to do a responsible vulnerability disclosure and not to abuse the information which was accessed. Our intention was to draw the attention of authorities towards major security concern identified, without ignoring it.”

Due to the very sensitive nature of the incident complete details was not disclosed, but it came to lime light that bug gave access to information such as Provident fund balance, Individual’s KYC details, phone numbers, PAN numbers, bank details ;etc of every provident fund user in the country.

The techfirm also disclosed some screenshot’s to prove they have access to databases.

EPFO

Here you also find the report submitted by the Techfirm to CERT-IN (Computer emergency response team) and was acknowledged by CERT-IN in no time.

EPFO
EPFO
Gurubaran
Gurubaran
Gurubaran is a co-founder of Cyber Security News and GBHackers On Security. He has 10+ years of experience as a Security Consultant, Editor, and Analyst in cybersecurity, technology, and communications.

Latest articles

SHA256 Hash Calculation from Data Chunks

The SHA256 algorithm, a cryptographic hash function, is widely used for securing data integrity...

New Report of of 1M+ Malware Samples Show Application Layer Abused for Stealthy C2

A recent analysis of over one million malware samples by Picus Security has revealed...

Seven-Year-Old Linux Kernel Bug Opens Door to Remote Code Execution

Researchers have uncovered a critical vulnerability in the Linux kernel, dating back seven years,...

Ransomware Payments Plunge 35% as More Victims Refuse to Pay

In a significant shift within the ransomware landscape, global ransom payments plummeted by 35%...

Supply Chain Attack Prevention

Free Webinar - Supply Chain Attack Prevention

Recent attacks like Polyfill[.]io show how compromised third-party components become backdoors for hackers. PCI DSS 4.0’s Requirement 6.4.3 mandates stricter browser script controls, while Requirement 12.8 focuses on securing third-party providers.

Join Vivekanand Gopalan (VP of Products – Indusface) and Phani Deepak Akella (VP of Marketing – Indusface) as they break down these compliance requirements and share strategies to protect your applications from supply chain attacks.

Discussion points

Meeting PCI DSS 4.0 mandates.
Blocking malicious components and unauthorized JavaScript execution.
PIdentifying attack surfaces from third-party dependencies.
Preventing man-in-the-browser attacks with proactive monitoring.

More like this

OpenAI Data Breach – Threat Actor Allegedly Claims 20 Million Logins for Sale

Threat actors from dark web forums claim to have stolen and leaked 20 million...

Globe Life Ransomware Attack Exposes Personal and Health Data of 850,000+ Users

Globe Life Inc., a prominent insurance provider, has confirmed a major data breach that...

BeyondTrust Zero-Day Breach – 17 SaaS Customers API Key Compromised

BeyondTrust, a leading provider of identity and access management solutions, disclosed a zero-day breach...