The biggest data hack just happened!

kalph09

Disciple
Long story short.

Some guy put up 1 Billion user's data containing Chinese citizen's police records for a price of 10 bitcoins ($200,000 ish)

The data appears to be legit as per cyber security researchers.

Data is super granular. Example: One citizen was on police watch for using a VPN to access Twitter. They have complete logs, sites visited, where the person is located, etc.

Whole data was sitting behind a simple password (no MFA, no IP whitelisting, nothing) on a cloud facing the internet. CCP is in a state of denial, as usual.


I wouldn't be surprised when our Aadhar database gets leaked. (again)

The last time when I went to enroll aadhar for someone(2021) the post office was still using an old barely patched Win 7 desktop with IE 8 (yes 8!) the website was held together with a shared password.
 
Last edited:

kalph09

Disciple
Apparently, the 'Sample' thrown up for buyers to validate turns out to be legit data.



Considering, that the data was hosted on alicloud + the great firewall by CCP, it must have been one heck of a job. (insider job maybe?)
 

nkfdstar

Disciple
Very much possible (insider job) , I mean its literally billions of data they wont just have it that unsecured that it could fall into wrong hands especially having a bad fame for collecting lots of other countries user data.
But the news seems to be quite old too ,like a month ago the Chinese govt people were behind US hackers. Who knows what's true and what's not!

How is it possible to download that much with nobody noticing ?
Could be negligence ...insider work ? I mean they didn't even acknowledge till someone literally leaked it out .
 

blr_p

Skilled
I wouldn't be surprised when our Aadhar database gets leaked. (again)
What are the consequences ? Let's say it happened again.

Some guy put up 1 Billion user's data containing Chinese citizen's police records for a price of 10 bitcoins ($200,000 ish)
I wonder what the asking price for India's aadhar db will be. More or less ? i'm guessing less, maybe lot less.

Data is super granular. Example: One citizen was on police watch for using a VPN to access Twitter. They have complete logs, sites visited, where the person is located, etc.
That right there is why your comparison is false. Super granular, matched up with all sorts of stuff. And that is by design and is what the CCP would like to do beyond their borders as well. And they are well on their way to doing that through their hardware, software and networking. And what do we know about the Chinese, nothing as much as they know about us. So this hack is a way to bridge that gap ;)

Didn't the UIDAI people say aadhar isn't correlated with anything more than your biometrics in their database. All aadhar does is say whether so and so is who claims to be so. That's it.

If other entities want to do linking and data mining its out of the govt's hands. But aadhar isn't the way they will go about it. Private entities have come up with their own ways to uniquely ID people.
 
Last edited:

nkfdstar

Disciple
I have heard people scamming people by transacting money from their bank account via adhaar bank name and fingerprint information.
It's best to be aware and especially turn these fingerprint related services ON only when needed
 

kalph09

Disciple
What are the consequences ? Let's say it happened again.


I wonder what the asking price for India's aadhar db will be. More or less ? i'm guessing less, maybe lot less.

Didn't the UIDAI people say aadhar isn't correlated with anything more than your biometrics in their database. All aadhar does is say whether so and so is who claims to be so. That's it.

If other entities want to do linking and data mining its out of the govt's hands. But aadhar isn't the way they will go about it. Private entities have come up with their own ways to uniquely ID people.

I am unable to use quotes properly. Please excuse me if there is confusion.

Consequences could be something like identity theft. It may not happen now or in near future. Maybe much later when am old only to find out on a fine morning my pension money is wiped out.

Price, I would go with less considering leaks have happened in the past.

How are FinTech companies able to pull out your bank and credit card details just by using a phone number? Try IndMoney as an example. What is the guarantee they would keep it safe after the MobiQuik fiasco?
 

blr_p

Skilled
Consequences could be something like identity theft. It may not happen now or in near future. Maybe much later when am old only to find out on a fine morning my pension money is wiped out.
Are there any documented fraud cases that have arisen as a result of the last aadhar leak ?
Price, I would go with less considering leaks have happened in the past.
ah, that would affect the price. I was going on the part that its not linked up to the extent as this chinese one.
How are FinTech companies able to pull out your bank and credit card details just by using a phone number? Try IndMoney as an example. What is the guarantee they would keep it safe after the MobiQuik fiasco?
Are they using aadhar as the basis to do their mining or their own methods. Any ideas.
 

kalph09

Disciple
Are there any documented fraud cases that have arisen as a result of the last aadhar leak ?

ah, that would affect the price. I was going on the part that its not linked up to the extent as this chinese one.

Are they using aadhar as the basis to do their mining or their own methods. Any ideas.

A search on the internet pulls up articles like this. Not necessarily a large scale data leak.

For someone to get several 1000's of SIM cads to run a scam call center, where would they go for getting aadhar data?

1657701184672.png

1657701241404.png

Try installing Zerodha or IndMoney. They call it aadhar/KYC verification (no, Voter ID or passport does not work here) in order to complete registration.
 

blr_p

Skilled
A search on the internet pulls up articles like this. Not necessarily a large scale data leak.
This is what they have to prepare for. Does not have to be large leak. A series of small ones over a period of time that can be collated works too.
 

blr_p

Skilled
Some guy put up 1 Billion user's data containing Chinese citizen's police records for a price of 10 bitcoins ($200,000 ish)
Fun fact: I heard that is the entire population of China. Everyone including kids

Now we know their population ain't as big as they say ;)
 

kalph09

Disciple
Fun fact: I heard that is the entire population of China. Everyone including kids

Now we know their population ain't as big as they say ;)

If they are good at one thing, that is bloating numbers. This includes GDP, Per Capita, PPP, etc.

 

Futureized

:Custom Title:
Adept
This is old news now. Really doubt anyone has seen the actual data yet.

With respect to Aadhar, it has already leaked several times, the latest one being more extensive.
I wouldn't be surprised when our Aadhar database gets leaked. (again)

The last time when I went to enroll aadhar for someone(2021) the post office was still using an old barely patched Win 7 desktop with IE 8 (yes 8!) the website was held together with a shared password.
Just wondering, if my Aadhar data is leaked, apart from misusing the identity, hackers/intruders still wont be able to access my monetary sites.. (banks etc.)
What would be correct misuse of stolen Aadhar card, as we deal with sharing Aadhar nowadays at any required point for getting new sim etc.
 

blr_p

Skilled
If they are good at one thing, that is bloating numbers. This includes GDP, Per Capita, PPP, etc.

The GDP figure being unreliable came from the wiki cables leak back in 2010

 
Top