Sensitive data of Indian pension fund holders exposed online
By Editor - Thu Aug 04, 7:16 am
A huge cache of data containing the full name, bank account number and nominee information of pension fund holders in India has surfaced online. Security researcher Bob Diachenko found two separate IP addresses storing more than 288 million records — with some 280 million records available under one IP address and about 8.4 million a part of the second IP address. Both IP addresses were publicly exposing the data to the internet but were not protected by passwords, the researcher said . The records were a part of cluster indices titled “UAN”, which apparently refers to the Universal Account Number allotted to pension fund holders by the state-owned Employees’ Provident Fund Organization (EPFO) in the country. “From what I understood, information from the database could have been used to put together a complete profile of an Indian citizen and make them a target for a phishing or scamming attack,” Diachenko told TechCrunch.
Go here to see the original: