A cyber security researcher on Tuesday claimed that the data leak of 81.5 crore Indian citizens, containing crucial information such as Aadhaar card and passport details, along with names, phone numbers, and addresses, seemed "fake".
Independent cyber security researcher Rajshekhar Rajaharia posted on X, saying, "Aadhaar data is safe. Data leak of 81.5 crore Indians Aadhaar card seems fake. It seems the leaked data belongs to the mobile operators, and the source might be some third party".
According to him, there might be data of a few lakh people compromised, and no evidence shows that the data of 81.5 crore people leaked.
"The hacker 'pwn0001' reputation is also negative on the dark web, who claimed to leak this data and one other hacker group 'Lucius' who posted similar data a few days back, was also blacklisted on the dark web," Rajaharia mentioned.
The data breach was noticed by the US-based cybersecurity and intelligence firm Resecurity, mentioning that the threat actor 'pwn0001’ on October 9, posted a thread on Breach Forums brokering access to 815 million 'Indian Citizen Aadhaar and Passport' records.
The analysts managed to connect with the threat actor and learned they were willing to sell the entire Aadhaar and Indian passport dataset for $80,000 (over Rs 66 lakh).
However, the threat actor declined to specify how they obtained the data. Last month, cybersecurity researchers found that the official website of the Ministry of AYUSH in Jharkhand had been breached, exposing over 3.2 lakh patient records on the dark web.
According to the cybersecurity company CloudSEK, the website's database, amounting to 7.3 MB, holds patient records that include PII and medical diagnoses.
The compromised data also contains sensitive information about doctors, including their PII, login credentials, usernames, passwords, and phone numbers. The data breach was initiated by a threat actor named "Tanaka".