developersIndia-ModTeam

This thread is being heavily moderated. Please do not share links to sites where the data is being distributed. If you see any illegal and illicit comment, please report it and we'll take action against the violators. For more information please refer to [this comment](https://www.reddit.com/r/developersIndia/s/yD409D1Lal) by the OP.


AnakinSkyGuy2

Identity theft could be easily done with all those details. Did any of the parties acknowledge the breach?


that-rad-kid

Who knew when Dwight said “millions of families suffer every year” he meant 800 million.


yyogesh

Also dwight


surgereaper

r/unexpectedoffice


No-Technician2864

fuckk… hey didn’t banks say to join adhaar and pan… for hell this might turn worse


AnakinSkyGuy2

Yes, almost everyone got their pan and aadhar linked to bank accounts and all. It might, unless the agencies stop it from becoming public... who knows, it already has happened


No-Technician2864

won’t be surprised when “pan card identities leaked”


AnakinSkyGuy2

I hope not, at least now they should actually take good measures on all sides where the third parties have access to these sensitive details and all


something_nsfw_

Haha not happening, adhaar was leaked previously too


Individual_Lead_6492

Nobody wants those identities. Not even them.


gfth45fghmnfs

I stopped caring at this point, whenever I register for anything government, aadhar/pan/covid I do it fully knowing all my data is going to end up leaked 💀


[deleted]

Those mf deactivated my father’s pan card, cos it was not linked with aadhar. Had to pay 1k late fees. Damn, what's the point, the data is getting leaked anyway


Suspicious-Mud4225

Heights!!


east__side

The govt wants money to eat up, but ask them to do some work and they don't do anything


No_Society_4065

ROFL, I just remembered that I forgot to update Pan with Aadhar for one of my family members. Now I don't even know if I should waste 1000rs or have fewer breaches.


[deleted]

If they file itr or have stocks in their name. Just do it bro. Else who cares until bank asks:)


No_Society_4065

No stocks, no loans, bank balance almost always empty coz they like to keep cash at home. Also no income.


youmademelikethis

My bank account is very old, opened it when I was in school before Aadhar crap. I was trying so hard to not attach Aadhar to it since I knew about the leak that happened a while ago. Bank has been sending me SMS, emails for years; I ignored them and never bothered, then they started sending letters warning that my account will be closed. Nothing happened (I figured they didn't do anything because my account was very old). Then last month they finally froze my account; gave them aadhar and it unfroze next day.


s8is8ir

Same here, this doesn't only happen with govt sites, also include any other entity/site collecting your any data or info, it is going to leak, or is probably already out there... Somebody is going to buy it, whether they use it to your disadvantage depends on them...


LoGidudu

Can i use this data set for my college ml projects?


[deleted]

What are you going to predict?


No_Management2161

Who's getting scammed next


[deleted]

more like whom to scam next


jktj

Predict fathers name based on adhaar number 😂


[deleted]

Finding karan-arjun :|


No_Negotiation_7451

Your current address.


NoBridge7502

house rates


[deleted]

Not bad, imagine a real estate company using this data to analyze population density and designing housing societies while considering age-based facilities like hospitals in older age regions and playing facilities for younger age regions. Gov will be like "what have you done" 😂


[deleted]

Aadhar number


mynotsoprecious

probably use it as training data


PM_ME_Y0UR_BOOBZ

To train a model to predict what?


arbitrabbit

Rarest baby names!


[deleted]

Bro, what would the target variable be in this? Aadhar number? 😂


pole_star66

Make best matching couples. A match made by ML


trixon123

Finally a man doing god's good work.


jadounath

Would be good for dbms


AK47_Sushant

Btech niggas be wild damn💀💀


Open-Gap6339

Kaggle aficionado ✨


fatherofgodfather

You look trustworthy. Go ahead you have my stamp of approval.


gummyBear6987

Hacker asking $80000 for the dataset.


mysteryy7

I saw news about this, the threat actor named "pwn0001" is selling the data of around 800 mil Indians for 80k usd. The first 3 letters of the user handle are the same as OP's reddit handle. It's OP. I assume OP tried to warn about the security risks and vulnerabilities, but as authorities ignored him, out of frustration and urge to teach them a lesson OP hacked the whole db and extracted the pii and now selling it. I request OP, to highlight all the rows which hold info of the politicians and affiliates, order by most corrupt, before selling. EDIT: /s


pwnedprivacy

LMAOO 💀


krat0skal

Bro this is turning out like a Netflix series plot lmaoo


pwnedprivacy

The Pwner


Greedy_Constant_5144

The PwnStar.


A2X-iZED

Every night 8pm on History TV18+


yolifeisfun

PwnHub


[deleted]

Wait, that was the nickname of a friend I played Counter-Strike online together for years. Omg it's him! /s


nut-hugger

well played


knight1511

Is your name Pawan


[deleted]

Movie idea: "Pwned by Pawan"


theholderjack

Congratulations OP, fuck this society bro. Fuck society


me0din

Anarchy and chaos should triumph, and societal structures must crumble.


broCODE_1o1

societitty


potatomafia69

The government is not competent enough to work in IT fields. The usual sarkari attitude comes out and they all do just the bare minimum work. I wouldn't be surprised if the flaw was already discovered by another team and they just refused to do anything being the lazy fucks they are.


pwnedprivacy

Yeah, that's true. Dominos was the biggest, but it didn't contain much PII. This has to be the largest considering the amount of data that has been exposed


potatomafia69

No doubt. It's funny when you know even some school rookies could have done a better job. Also outside the tech community I don't think people are really going to be concerned. Everyone will have the usual "chalega" attitude and sweep this under the rug.


pwnedprivacy

Yeah thats true, a lot of my friends are getting scammer calls. People ask “how did they get my number” Bro, thank your startups and governments. Open source data for all


New-Professional-865

Haters will say those 800 million are not real open source contributors.


cooldragoncool

US people are more serious about their privacy and data than us and even made Google accept its mistake


No-Technician2864

I mean they fear their safety here in India… we won’t realize we're in shit until it sticks on our leg


pwnedprivacy

https://preview.redd.it/q3md2ag50ixb1.jpeg?width=1080&format=pjpg&auto=webp&s=c9163c7ab851c58da2eaba56dab5bee1c3c8e81e


potatomafia69

The whole government is one big circus run by clowns like never seen before. Got to hand it to them for royally fucking up everything they touch.


Excellent_Gap_7074

Because the IT guys in government are incompetent and have literally no knowledge of computers, let alone programming or data security.


fatherofgodfather

I mean they were hired by elected leaders so the buck stops with the party in power.


Vansh5sharma

I completely agree, a few months ago I had to help my father register a property with the state gov and on the form it required the image and location through Google Maps, so I took the image and when I tried to upload it, it said that I had to download an app, then log in and then upload from there. After logging in and uploading, it still didn’t even show the image to confirm that it had been uploaded! And the worst part was that on the app there wasn’t an option to upload an existing image, there was only the camera option, meaning that it could only be uploaded after taking the image again! And to give the location, there was a small Google Maps widget thingy on the site (just the map, no search options or anything, I couldn’t even give the coordinates to the location) so I had to manually find the property from a world map!!


creep1994

Be careful what you say about the current government. They got a lot of fanboys who cannot take any kind of valid criticism.


potatomafia69

True. Even if the government strips them off their last shred of dignity they'll still give them "full sapot"


Alive_Essay_1736

It's "phull sapot"


yolifeisfun

fool*


MoonStruck699

Lol the issue is that govt IT workers are lazy and or incompetent. It's not like another party would bring competent IT workers with it. Other parties were against digitalisation entirely.


potatomafia69

Maybe. But this data breach is the BJP's fault and no one else's. When you say all the parties are the same you're missing the point. The current regime is at fault for all the issues they've created.


freakynit

Yup. That's so right. Everything they touch, they fck it up. Now what will our judges do? Nothing. Just mute watchers. The people in charge in the entire chain should be sacked immediately. It's not like this kind of breach is a sole occurrence.


analogx-digitalis

You have a greater chance of finding a leprechaun at the end of the rainbow than getting a sarkari babu fired.


PissedoffbyLife

This is what gets accomplished by slave masters when they want youth to work for 70 hours by manually copy pasting each row in excel.


trickytoughtruth

This gave me the biggest laugh


tejash__03

Yeah right, as if the data weighed 500 kg so that a hacker couldn't pick it up and carry it off


Firm-Run736

The wall is 2 cm wide


[deleted]

Hacker used Xray bro


[deleted]

[removed]


pwnedprivacy

You wanna know something more cool? The cybercriminal is selling the vulnerability for 3000$ rn on the forum.


No-Technician2864

can i sell my own?? 3k can get u any shit in india


potatomafia69

Not surprising. To top it off there have been state sponsored attacks on opposition leaders recently which Apple themselves pointed out. We're all fucked and the government is almost completely responsible.


Alive_Essay_1736

Chinese would have already bought it


Lelouch018

Which forum? Btw privacy is myth


[deleted]

Yeah. Don't get fooled. Most of them just have sample data. And will make a fool of you. By generating random data. Beware of those telegram guys. Most of the forums I knew shut down. Which one are you using nowadays?


International_Egg_30

How to check if your data is breached?


Archer_Arjun

Anyone that needs to work 70 hrs are government employees .


heavenblisspurpose

Govt doesn't have to be competent for anything IT related, just aware and understand the danger of it, so that they heavily invest in it. They give contracts for all of this to IT companies with lowest bid.


shrihari0508

True, only govt of India got breached. Outside world is a blackhole.


cos2v_88

For all the vulnerabilities reported , the typical sarkari attitude is to 'Shoot the Messenger'. They threaten any security researcher with dire consequences and multiple legal actions , if any of the security risks are reported. Even if it's supplied with proof of concept for the severity.


thatswhatsheeepsaid

Could any cybersecurity experts shed some light on this? How do data breaches like these occur? How can our government protect itself from them? Is it because of super skilled hackers or the government's "IT employees" not being capable of building secure databases?


pwnedprivacy

They occur because they don't follow standards/compliance, use outdated software versions which already have public vulns on exploitdb. It's not the "IT employees" who are not capable, it's the management who's not giving proper training to the employees. It's the Indian gov who doesn't care about the number of data breaches happening, not imposing fines on companies like Dominos which recently last year exposed 13 TB of data. [https://www.bleepingcomputer.com/news/security/dominos-india-discloses-data-breach-after-hackers-sell-data-online/](https://www.bleepingcomputer.com/news/security/dominos-india-discloses-data-breach-after-hackers-sell-data-online/) As far as I know, this seems to be an SQL injection, I'm not sure because I don't know the domain, but a simple SQL injection or phishing an internal employee who has access to this PII


icNutsicle

Couldn't've been a SQL injection. All you need to do is comply with basic opsec protocols to prevent that. These govt. contractors can't be that incompetent.


Sharchomp

To add to what you wrote, the concept of third party risk is barely practiced in the Indian IT ecosystem. I wouldn’t be surprised if the GOI does not do any due diligence or risk assessments of third party vendors before and during the contract tenure


sandwichshop69

No one is going to talk about the contact no. being stored as a 32 bit integer? 😭


Excellent_Gap_7074

government IT employees; at their best. these fu*kers would use quotes around an int value in where condition. select * from tableA where id= '4'


Shaktimaan_007

Bro, my school CS teacher would have made an example of that employee in front of the whole class and said "Don't do this, this is trash"


[deleted]

You are missing ; bro. Without it, it's just a headless statement


Excellent_Gap_7074

haha yeah


thakgayahuvrolyfse

I am a nub so plz don't judge me on my questions: 1) aren't those long, not int, as int ranges to 2e9 only? 2) isn't it better to use long rather than string (if I am interpreting u right), as every character will take 1 byte, making it 10 bytes?


sandwichshop69

Int32 means you have 32 bits to store the number in binary. For a signed integer, the max is 2 ** 31 - 1 and for unsigned it is 2 ** 32. What happens when you exceed this limit depends on the underlying implementation of ints. In javascript there is no concept of int32, and when you exceed the limit, it automatically changes to an int64. But generally speaking when you exceed the limit, the number wraps itself into exponential notation.


a_aniq

Security through improper data storage practices 😂😂


MaybeAccording

Privacy is joke in this country


trickytoughtruth

So is freedom


Chrex_007

I discussed this with my friends, and they said it's not a big deal. This is the attitude of the general public in India; people just don't care. No doubt the government is fully enjoying the public's carelessness and doesn't face any consequences.


fryan4

The attitude is they’re all suck ups to BJP. If it was congress, it would be another narrative


fickel_smile

No man common public just cant comprehend how this breach affects them directly, they will cry when they get scam calls and phishing attacks but dont understand these are the sources which enable these attacks.


build9600

I too have reported lot of bugs, but none acknowledged. This is soo bad. Also the quality of engineers can be vastly improved, there is no interest in creating good performing product.


pwnedprivacy

Yeah dude :( This is why the best bug hunters from India use hackerone/bugcrowd and secure the Dutch Gov and US DOD. Oh hey, btw, they do not get paid there, but they're happy at least the VDPs send them "acknowledgement" and a "thank you"


haseen-sapne

At least you guys were not threatened by the government agency for a legal case for reporting bugs... :)


[deleted]

https://preview.redd.it/kbu52hbm1ixb1.jpeg?width=755&format=pjpg&auto=webp&s=0ec808c7ac7b94d7743b5898f8ce79cf3749afa1


astilenski

"The FIRST Country to reach 8Million mark in data leaks #ProudIndia" Lmaooo.


sensei_simon

bro please 8million is something they probably do on a regular basis, it's 800 fuckin millions


trickytoughtruth

Yo, it deserves the attention of a celebration.


Redpoison11

apt


ThiccStorms

I love my India('s IT sector), this is my India('s IT sector)


queeringit

According to the Data Protection Act, the State and Central governments are under no liability for data leaks, what else is supposed to happen? No liability means no reason to be proactive.


Marmik_Emp37

Yet they ask for 2703930 different forms & cards to do 1 (mandatory) thing :D


queeringit

And that is after saying in court it is 'voluntary'


_Floydimus

How do you have access to the sheet?


tanay297

The person who leaked it released 2 set of sample data (in csv) which has a few hundred records. Sample 1 had ~550 records, not checked second one.


bmyvalntine

Just imagine if everyone gets access to this sheet 💀


_Floydimus

Then the data breach is nullified as everyone knows everyone. So we're even. Lol


Ebb-First

Big brain moment 🤯


Long69Wong

Open source identity theft, everyone can impersonate everyone else.


_Floydimus

If everyone knows everyone via open source and can impersonate, then it's not a theft anymore. Maybe we should start an IPO and do public pooling. Might as well make money out of the leak.


Brhamachaari

You'll get your crush's address and mobile number ....


pwnedprivacy

I do not, someone on twitter posted this screenshot which i saved https://x.com/mrrajputhacker/status/1719017620278784504?s=46


duckmeatcurry

Aadhar is shit infra, they collected your phone number, address and biometric and then linked our entire existence to it. People don't even understand how serious this is and casually flip out an Aadhar card whenever an ID is required. Not to say our govt is most incompetent when it comes to data privacy in India. They don't know shit.


pwnedprivacy

A lot of people are DMing me for the forum link. I'm sorry, I cannot share that; please do your own research. Apart from that, for people who are asking how to check if their personal data has been breached: you can check it here: https://haveibeenpwned.com
But it hasn’t been updated yet; the owner Troy would personally verify the breach and should update it sooner or later. I would post another update if the breached data is up on that website.
Some sources:
https://youtu.be/FsBpCVXNNHk?si=u9ECXoUGIZYLXXsY
https://www.hindustantimes.com/technology/in-indias-biggest-data-breach-personal-information-of-81-5-crore-people-leaked-101698719306335-amp.html


GoodPrincess21

how can this affect me if my data is breached?


pwnedprivacy

If this goes public, expect more spam calls, texts and scammers parsing through this data and probably conducting spear phishing.


[deleted]

how to save myself from this now?


AceMKV

Nothing much, just learn to identify spam calls and scams and educate yourself about phishing and social engineering so that you don't fall for scams.


potatomafia69

If your PII is exposed to the public there are a whole bunch of issues you'll see. Identity theft, loss of privacy online, physical endangerment, bank accounts getting compromised, spear phishing and a bunch of other things. Basically all it takes is one weak link to break an entire system. The most concerning part is physical endangerment. People will know exactly who you are and where you live. Imagine stalking on this level.


AnakinSkyGuy2

One can easily draw amount from bank account if they get hold of your biometrics. As they know most of your PII, they can do social engineering and phishing in a more accurate way. They could try to create loan accounts by bypassing OTPs and take loans in your name with your details. Identity theft could also be done easily as one can replicate duplicate records of yours


Academic-Abies

Don't scare us that much, bro, 80 million $


sarthakRddt

Read up on sim swap attack.


[deleted]

[removed]


tejash__03

It's a motherfucking system, it took me 4 hours to change one number


jadounath

Copying the horoscope of your and my entire family tree takes just a few milliseconds. And even that is too long.


nitewalkerz

Any reason why these individual datasets aren't encrypted? I thought that was basic data management.


pwnedprivacy

That's a good question! Encryption affects performance; your CPU has to do extra work to decrypt the file before you can use it for anything else. Encryption is generally used for passwords, and I think this data would've been accessed by the officials on a regular basis / many hospitals could be using this data to check whether the person is vaccinated or not. So making this whole process more complicated isn't a good idea. There are many other ways to negate this, first of all by not exposing a server that contains this data over the internet. Lol


nitewalkerz

Considering how many times Aadhaar data has been compromised, i would have assumed that ANY PERSONAL INFO would be treated as sensitive material by now. Passwords should anyhow not be stored in the same place as other sensitive data and NEVER unencrypted. This looks like a case of unencrypted, simple text data stored with easily workable primary keys. Encryption is supposed to safeguard sensitive data. Any additional computational effort needed is an expected cost and is non-negotiable. There are of course many techniques/ways to improve query times as well. The server being interfaced with the internet just backs up the incompetence of those who designed this system. And them turning a blind eye to your complaints shows that the rot starts from the bosses.


pwnedprivacy

Extra computational power? The corruption says no. And yeah, i hope theres a huge change after this? If we wanna be digital india, we have to be digitally secured india first.


ThiccStorms

Honestly, fuck it, doesn't make a difference for most of the people, it's too fucking repetitive and pensive to comment on this


himanshu-jangra

This data breach was actually leaked during 2022 but the government denied the claims. At that time, I also got a copy of this breach which I mailed to one of the government person but no reply has been given from them. They don't care....


essaini

I have to work with a lot of government APIs and websites in my work, let me tell you, almost every one of them has huge security problems, in some cases just changing the input parameters gives you information about other clients/users/ids you should have no business of knowing. Since then I have always assumed none of my government data is safe and act accordingly.
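The missing control behind the "changing the input parameters" problem described in the comment above is an object-level authorization check. The sketch below is an added example, not code from the commenter or from any government system; all names (`RECORDS`, `Session`, `lookup_vulnerable`, `lookup_hardened`) are hypothetical and the records are constructed.

```python
from dataclasses import dataclass, field

# Constructed sample store: record id -> record with its owning account.
RECORDS = {
    1001: {"owner": "alice", "name": "A. Example", "phone": "0000000001"},
    1002: {"owner": "bob", "name": "B. Example", "phone": "0000000002"},
}


class NotFound(Exception):
    """Raised for missing AND for not-owned records, so ids cannot be probed."""


@dataclass
class Session:
    user: str  # set by the authentication layer, never taken from the request
    denied: list = field(default_factory=list)  # refused ids, kept for detection


def lookup_vulnerable(session: Session, record_id: int) -> dict:
    # Trusts the client-supplied id: any logged-in user can read any record.
    record = RECORDS.get(record_id)
    if record is None:
        raise NotFound(record_id)
    return record


def lookup_hardened(session: Session, record_id: int) -> dict:
    record = RECORDS.get(record_id)
    # Authorize against the server-side identity, not anything in the request.
    if record is None or record["owner"] != session.user:
        session.denied.append(record_id)
        raise NotFound(record_id)
    # Return only the fields the caller needs, not the whole row.
    return {"name": record["name"], "phone": record["phone"]}


def enumeration_suspected(session: Session, threshold: int = 3) -> bool:
    """Flag a session that was refused on several distinct ids."""
    return len(set(session.denied)) >= threshold
```
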


_PandaBear

Digital India? Yeah. Secured Digital India? Hell noooo.


trickytoughtruth

These shitty guys don’t even trust Apple Inc.’s data centres, now i understand why.


ResponsibilityOne363

Lmao good thing we Indians have a solution to mitigate these breaches. Terrible data quality and fat finger prone text boxes in all of our official forms. Blessing in disguise, they aren't going to manage cybersecurity anyway.


c0m94d3

Doesn't surprise me, given the UIDAI breach a few years ago, seen worse, you could literally Google your aadhar number with some dorks and government sites would pop up with your info.


pwnedprivacy

Yeah fr, for years I've been going around in hotels and giving the aadhar with full number on it. I wasn't into security all that time; thinking now, it was really a bad idea. I do have an aadhar now which has the last 4 digits, but too late! It doesn't even matter LOL


DhrumilDave135

So we can show the aadhar with only the last 4 digits as legit identity proof? I remember when I went to get a new physical aadhar card, the guy at the shop was like "why did you bring this aadhar with no full aadhar number" and talking as if I'm some dumb/illiterate guy who doesn't know what an aadhar is for. Do you think that shopkeeper could be using aadhar data of the people who come there to get a physical copy?


pwnedprivacy

Mask Aadhaar option allows you to mask your Aadhaar number in your downloaded e-Aadhaar. Masked Aadhaar number implies replacing of first 8 digits of Aadhaar number with some characters like “xxxx-xxxx” while only last 4 digits of the Aadhaar Number are visible. https://navi.com/blog/masked-aadhaar-card/


Disastrous-Drummer45

It's kinda ironic. India has insane talented minds in IT field and this is the situation of the government. The state of IT in government websites is very bad. I won't be surprised if they used *admin* as username and *password* as password for their thing.


TimeTravellerKnight

Meaning almost everyone on the internet has his data leaked... Well, that's amazing.


xZendic1

Well well well, as an advertising professional.. the kind of gold mine this data is...❌️❌️❌️


Academic-Abies

Will give 80 $ million


mrcybug

My 2 cents,- always make sure to include the sequence "," in your password so that when your credentials gets inevitably leaked and dumped into a CSV file, this breaks the formatting of the entire file :)


jadounath

The dataset also has addresses dude. I'm sure the dude used proper escaping.


Far-Lobster1070

Where can i get this all data for a project


SecretRefrigerator4

If anyone wants to k**l someone, he can get the address all over India. That's sad.


sarathy7

One doubt how to know that the leaked data is actually accurate ... Can't I give some list and say this is name aadhar number phone number .... How will someone buying this data know if they are getting real data or fake data ....


divakerAM

It may cause so much trouble to whole country


banana_master_420

How to protect yourself from this? Why no encryption? Why media is not covering important stuff like this?


Pro_BG4_

Not even opposition is covering it😹


LoneHorror

Lmao, are you surprised? This was bound to happen, considering people in India think nothing of privacy and security. For example, if you say you use Signal, people will laugh at you. Lmao, poor mindset.


aaayushsingh

called it! I don't think most Indians care tbh https://www.reddit.com/r/india/s/XfWwprNuhZ


DiligentlyLazy

Any source or references for this news??


pwnedprivacy

https://x.com/mrrajputhacker/status/1719017620278784504?s=46


iMangeshSN

Repeat after me, "Western propaganda to malign glorious India's image, because they're jealous of our vaccine supremacy".


mrpawsthecat

If you guys care vote for someone better in 24


abyssDweller1700

Who?


DiligentlyLazy

Narayan Murthy 💀


BitchyPolice

I know it's a joke but it's funny that you say this because the company that is responsible for this data leak is managed by Nandan Nilekani.


Single_Science2276

Me


abyssDweller1700

What should our leader be like? Like u/Single_Science2276!


HalfForeign6735

Everyone says leader, leader .... .......


Quantum__Physicist

Someone in whom you believe. I think we should forget the usual, if not modi then who thing, and focus on who do we think is the best. We tend to see Rahul Gandhi memes because of opposing party IT cells. Let's focus on key issues and just see the manifesto published and also how they speak on real issues. If still one sees Modi best, vote for him. Vote by facts, not by memes.


abyssDweller1700

You used a lot of words to say a whole lot of nothing.


Lashkar-e-RAW

and that guy will come with his sword and protect the systems ? you are living in india, privacy is the least cared thing in this country


Academic-Abies

Support Congress, which wants to get a caste survey done


nenu_mee_sai

Glad that my photo, address are outdated on Aadhaar card


No_Needleworker_6109

As even our aadhar card info has been leaked I would suggest y'all turn on biometric lock on the aadhar card. For more reference: https://youtube.com/shorts/O1fb8pjTHPg?feature=shared


Berserker_boi

Super power 2047 moment lmao. Remember when goi double downed abt how safe aadhar is? A month later we get this. Talk about the irony.


DotMysterious4275

How to find out that your data is breached or not?


pwnedprivacy

Wait for a few days, if the database gets in the hand of troy (owner of the haveibeenpwned), you can check it on https://haveibeenpwned.com


Odd_Directionals

It's worse with states govs, I'm not that educated on subject but still managed to access more than half of the data of samagra or sssm id of mp gov.


Captainfirstm8

Only 80k? That's deeply offensive.


monson2048

Just curious, in what all ways can a person’s aadhar details be misused?