What you need to know
- Indian mobile payment app BHIM reportedly suffered a data breach a few weeks back, exposing sensitive financial data of over 7 million users.
- The security bug was reported to the NCPI on April 23, and it was fixed roughly a month later.
- Bharat Interface for Money (BHIM) app was launched in 2016 by the National Payments Corporation of India (NPCI).
The research team at vpnMentor has discovered that a massive amount of sensitive financial data connected to India's BHIM mobile payment app was exposed to the public. As per the cybersecurity website, all data from the BHIM website, which was used in a campaign to get millions of Indian users and business merchants to start using the app, was stored on a "misconfigured Amazon Web Services S3 bucket" and was publicly accessible.
S3 buckets are among the most popular forms of cloud store globally, but require developers to set up the security protocols on their accounts. Since the unsecured S3 bucket wasn't configured properly, the data may have been easily accessed by hackers and cybercriminals. The security research team at vpnMentor tried reaching out to the website's developers about the misconfiguration but did not receive any response.
On April 28, 2020, five days after discovering the misconfiguration, vpnMentor contacted India's Computer Emergency Response Team (CERT-In) about the issue. The security issue was finally fixed around May 22, after the CERT was contacted a second time.
As per vpnMentor, there were around 7.26 million records in the S3 bucket, with the total size estimated to be 409GB. The records contained in the misconfigured S3 bucket included scans of Aadhaar cards, caste certificates, photos used as proof of residence, Permanent Account Number (PAN) cards, and more. These records gave a complete profile of individuals, including their full names, age, residential address, biometric details, banking records, and ID numbers for various government programs.
The NPCI, however, has denied the report and said in a statement that there has been no data breach at BHIM app. It has also requested everyone to "not fall prey to such speculations."
Sony just invested a lot of money in Epic Games — here's why that's smart
Sony's move to invest in Epic Games ahead of the PS5 launch makes a lot of sense. Whether you love or hate Epic, the company has technology and expertise that Sony will benefit from.
Here are 5 features Google is working on for Android 12 and beyond
The Android development team recently held an AMA on Reddit answering technical questions about the upcoming software. While we didn't learn anything about the upcoming software, we do have an idea of some things heading to Android 12 (and beyond).
Android updates are coming faster than ever, but still not fast enough
You'll never see the day where all Android phones get updated to new operating systems on the day they're announced. But we are seeing remarkable improvements.
Time to dump Chrome: 8 alternative desktop web browsers
If you getting frustrated with the lack of privacy, slower speeds or difficulty using extensions in Chrome, it's time to switch to one of these web browsers.