
Serious Security Flaw in the Employees' Provident Fund Organisation (EPFO)

The Employees' Provident Fund Organisation (EPFO) is a statutory body under the Ministry of Labour and Employment. It generates a Universal Account Number (UAN) for each member contributing to a provident fund (PF); the UAN acts as an umbrella for the multiple Member IDs allotted to an individual by different establishments.

The Indian security firm Eioneus Systems discovered a serious security flaw on 3 December 2016 and immediately reported it to CERT-In, NIC, and the other government bodies it considered appropriate at the time.

According to the reports available, the issue was rated critical: it gave full access to the affected machine, which could be used to compromise the entire system. The firm's technical team also described how the vulnerability behaved.


Snehil Khare, an official of Eioneus Systems, clarified the firm's intentions, stating:

"Our motive is to do a responsible vulnerability disclosure and not to abuse the information which was accessed. Our intention was to draw the attention of authorities towards the major security concern identified, without ignoring it."

Because of the very sensitive nature of the incident, complete details were not disclosed, but it came to light that the bug gave access to information such as provident fund balances, individuals' KYC details, phone numbers, PAN numbers, and bank details of every provident fund member in the country.

The firm also released some screenshots to prove that it had access to the databases.

The firm's report to CERT-In (the Indian Computer Emergency Response Team) was also shared, and CERT-In acknowledged it promptly.

Gurubaran

Gurubaran is a co-founder of Cyber Security News and GBHackers On Security. He has 10+ years of experience as a Security Consultant, Editor, and Analyst in cybersecurity, technology, and communications.
