Transactions can occur between private individuals, businesses, and other commercial parties.
By 2020, the NPCI recorded over 136 million downloads of the BHIM App.
But rare are these times.
Most often, we need days of investigation before we understand what's at stake or who's leaking the data.
Some affected parties deny the facts, disregarding our research, or playing down its impact.
So, we need to be thorough and make sure everything we find is correct and accurate.
However, we also received no reply from the developers.
Many weeks later, we contacted CERT-In a second time. Shortly thereafter, the breach was closed.
However, even within such a short timeframe, over 7 million files had been uploaded and exposed.
This data would make illegally accessing those accounts much easier.
Tax fraud - Similar to identity theft, using someone’s tax details to falsify records and make fraudulent claims.
Theft - Hackers could access BHIM accounts via the app and withdraw large sums of money.
They can be easily tricked and swindled by professional fraudsters and criminal rings.
BHIM is just one of many e-payment platforms operating in India, including Google Pay.
This data breach will help many of its competitors attract customers, damaging BHIM's market share.
Potentially, the most damaging aspect of this data breach is the exposure of the S3 bucket’s APK.
Amazon offers in-depth guidelines to AWS users to assist them in securing their S3 buckets and maintaining their privacy.
To learn about data vulnerabilities in general, read our complete guide to online privacy.
They examine each weakness for any data being exposed.
Our team was able to access this S3 bucket because it was completely unsecured and unencrypted.
The purpose of this web mapping project is to help make the internet safer for all users.
We never sell, store, or expose any information we encounter during our security research.
Our ethical security research team has discovered and disclosed some of the most impactful data leaks in recent years.
[Publication date: 29.04.2020]