Personal Data of Nearly Half A Million Delhi Citizens Exposed Online
The Hacker News (India based security news website) just reported that personal data of nearly half a million Delhi Citizens has been exposed online.
A security researcher, Bob Diachenko, has identified an unsecured server left unprotected on the Internet and was accessible online without requiring any password.
“A 4.1GB-sized database had been indexed by Shodan and was left unattended for public access. The database was named “GNCTD” which also stands for Government of National Capital Territory of Delhi,” Diachenko wrote in a blog post. However, it is not clear whether it really belongs to Government of National Capital Territory of Delhi (GNCTD).
According to Diachenko, the database contained records of 458,388 individuals located in Delhi, and the data includes Aadhaar numbers and voter ID numbers.
The collections and records contained in the leaked database included: (1) EB Registers; (2) EB Users (14,861); (3) Households (102,863); (4) Individuals (458,388); (5) Registered Users (399); and (6) Users (2,983).
The database also has email addresses with “transerve.com” domain for users who have roles assigned as “senior supervisor,” and “super admin” designations.
Diachenko concluded that the database was most likely related to a company named “Transerve”. He informed “Transerve” company about the unsecured database, but didn’t receive any response from them yet.
Then he contacted Indian CERT (Computer Emergency Response Team) that coordinated to take the exposed database offline.