
Indian Payment App BHIM Exposes Over 7 Million Users Data


The Indian e-payment app BHIM (Bharat Interface for Money) has suffered a massive data breach that exposed the private, sensitive data of over 7 Million users.

The Bharat Interface for Money (BHIM) app is based on the UPI (Unified Payments Interface) mechanism and is owned by NPCI (National Payments Corporation of India) to provide better bank-to-bank money transfer in India. Currently, the BHIM app has over 136 Million users.

Security researchers from VPN Mentor discovered the unsecured database on 23rd April 2020 but announced it only recently. The exposed database belonged to the BHIM app's website (http://cscbhim.in/), which was being used to promote the app's usage across India and sign up large numbers of business merchants.

The data was exposed due to a misconfigured Amazon Web Services (AWS) S3 bucket which contained 409 GB of data. The exposed database contains user records from February 2019 onwards.

The exposed data includes personally identifiable information (PII): names, dates of birth, age, gender, residential addresses, biometric details, images of Aadhaar cards (India's national ID), bank records, PAN numbers, caste certificates, professional certificates, and full profiles of BHIM customers. It also contains more than 1 Million UPI IDs that are directly linked to users' bank accounts.


The security researchers also informed CERT-In (the Computer Emergency Response Team, which deals with cybersecurity in India) about the massive data breach on 28th April 2020. The breach was closed on 22nd May 2020.

The scale of the personal data exposure is concerning. Millions of BHIM users all over India are currently at risk of identity theft, fraud, and cyberattacks from cybercriminals.

If you are a BHIM app user and concerned about how this massive data breach might impact you, contact CSC e-Governance services directly to find out what steps they are taking to resolve the issue and keep your personal data safe.

The security researchers also advised the developers of the BHIM website that they could easily have avoided this massive data breach if they had taken these basic security measures:

1) Using proper access rules

2) Protecting its servers

3) Securing system access

4) Creating strong passwords and using strong encryption
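As an added example (not from the researchers or the BHIM developers), the Python sketch below shows what checking "proper access rules" on an S3 bucket can look like: it flags bucket-policy statements and ACL grants that open a bucket to everyone unless Public Access Block neutralises them. The article does not say which setting was wrong in this case, so the bucket name, the configuration shape and the sample values are constructed assumptions.

```python
ALL_USERS = "http://acs.amazonaws.com/groups/global/AllUsers"
AUTH_USERS = "http://acs.amazonaws.com/groups/global/AuthenticatedUsers"

def _as_list(value):
    return value if isinstance(value, list) else [value]

def public_policy_statements(policy):
    """Return ids of Allow statements granted to any principal without a Condition."""
    findings = []
    for i, st in enumerate(_as_list(policy.get("Statement", []))):
        if st.get("Effect") != "Allow":
            continue
        principal = st.get("Principal")
        wildcard = principal == "*" or (
            isinstance(principal, dict)
            and "*" in _as_list(principal.get("AWS", [])))
        # Heuristic: statements with a Condition are not flagged and need manual review.
        if wildcard and not st.get("Condition"):
            findings.append(st.get("Sid", f"statement[{i}]"))
    return findings

def public_acl_grants(acl):
    """Return permissions granted to the AllUsers or AuthenticatedUsers groups."""
    return [g["Permission"] for g in acl.get("Grants", [])
            if g.get("Grantee", {}).get("URI") in (ALL_USERS, AUTH_USERS)]

def audit_bucket(cfg):
    """List the public grants that are actually in effect for one bucket."""
    pab = cfg.get("PublicAccessBlock", {})
    findings = []
    # RestrictPublicBuckets limits access under a public policy to the owner's account.
    if not pab.get("RestrictPublicBuckets"):
        findings += [f"policy:{s}" for s in public_policy_statements(cfg.get("Policy", {}))]
    # IgnorePublicAcls makes S3 disregard public ACL grants.
    if not pab.get("IgnorePublicAcls"):
        findings += [f"acl:{p}" for p in public_acl_grants(cfg.get("Acl", {}))]
    return findings

# Constructed sample configuration (hypothetical bucket, simplified layout).
EXPOSED = {
    "PublicAccessBlock": {},
    "Policy": {"Version": "2012-10-17", "Statement": [
        {"Sid": "PublicRead", "Effect": "Allow", "Principal": "*",
         "Action": "s3:GetObject", "Resource": "arn:aws:s3:::example-bucket/*"}]},
    "Acl": {"Grants": [{"Grantee": {"Type": "Group", "URI": ALL_USERS},
                        "Permission": "READ"}]},
}
HARDENED = dict(EXPOSED, PublicAccessBlock={
    "BlockPublicAcls": True, "IgnorePublicAcls": True,
    "BlockPublicPolicy": True, "RestrictPublicBuckets": True})

if __name__ == "__main__":
    print(audit_bucket(EXPOSED), audit_bucket(HARDENED))
```
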

If you have any questions about the BHIM app's massive data breach, or want to share your views on this topic, please mention them in the comments box and I will get back to you.

Comments

  1. That is very interesting; you are a very skilled blogger. I have shared your website in my social networks! A very nice guide. I will definitely follow these tips. Thank you for sharing such a detailed article.

    ESTIMATES
