1, December, 2023
HomeIndiaDark Web Seller Pwn0001 Offers 815 Million Indian Citizens' Data

Dark Web Seller Pwn0001 Offers 815 Million Indian Citizens’ Data

Published on

Recently, a dark web threat actor known as pwn0001 made headlines for offering sensitive data of 815 million Indian citizens on a dark web marketplace. While this revelation has raised concerns about data security, pwn0001 claims that he didn’t hack the data but purchased it from a now-defunct dark web forum last year.

Pwn0001’s listing on Breach Forums, posted on September 10, included an offer to sell the “Indian citizen Aadhaar and Passport Database” for $80,000. This database allegedly contains personal information like phone numbers, addresses, names, parents’ names, and more.

According to pwn0001, he acquired the database for $50,000 in the previous year, emphasizing that he did not engage in hacking activities. He stated that the forum from which he obtained the data has since been shut down, and its owner has been arrested. However, these claims could not be independently verified by chennaiprint.

The threat actor expressed disappointment with the database’s contents, stating that it did not meet his initial expectations. Only a small portion of the data includes Aadhaar details, and even fewer entries contain passport information. Pwn0001 indicated that his current goal is to recover his investment, as he has not been successful in selling the data to anyone so far.

The reports of this data breach were initially disclosed by the US-based cybersecurity research platform Resecurity. Their researchers claimed to have identified valid Aadhaar card IDs linked to Indian citizens.

It’s worth noting that the Indian government has not officially confirmed or denied the occurrence of a data breach. Media has reached out to UIDAI CEO Amit Agrawal for further information, and the article will be updated when a response is received.

These reports of data breaches coincide with the passage of the Digital Personal Data Protection Act in Parliament, which has now become law. The DPDP Act introduces provisions that impose hefty fines of up to Rs 250 crore on platforms that leak personal data. However, the law has not yet been fully implemented. Certain government entities, including Panchayats, less digitized MSMEs handling citizen data, and startups, have been mentioned as potential exemptions from the Act’s implementation.

In August, Resecurity also reported another alleged breach involving 1.8 TB of data, sold online under the name “Indian internal law enforcement organization.” This dataset was said to contain personally identifiable information such as Aadhaar IDs, Voter IDs, and driving license records.

Latest articles

Prabhas and Prithviraj in Salaar Part 1 – Action-packed Trailer Out

The long-awaited trailer for Prabhas' upcoming film, Salaar Part 1: Ceasefire, has finally been...

Market Records New Highs – Nifty50, Sensex Surge Driven by GDP Growth and Exit Polls

The Nifty50 index soared to a fresh high as India's economy expanded faster than...

TCS Buyback Opens – Understanding the Potential Benefits for Shareholders

Tata Consultancy Services (TCS) witnessed a surge in its stock price on December 1...

More like this

Manufacturing Drives Q2 GDP Growth to 7.6% Amid Varied Sectoral Trends

The economy surprised analysts by clocking a robust 7.6% growth in the second quarter...

Henry Kissinger’s Controversial Involvement in the Bhopal Gas Tragedy Case

Henry Kissinger, a prominent figure in international diplomacy known for his adept maneuvering in...

2023 Marks the Hottest Year on Record, Says Latest WMO Report

The World Meteorological Organization (WMO) has released its latest report, indicating that 2023 is...
Enable Notifications OK