A serious data exposure has come to light involving Bhim, the most used payment service in India. About 72.6 lakh records related to users of the mobile payment app 'Bhim' became public on a website, security researchers have discovered. According to the report by the VPN review website 'VPNMentor', the exposed data includes name, date of birth, age, gender, home address, caste, Aadhaar card details and other sensitive information. Security researchers at 'VPNMentor' wrote in a blog, 'The level of data exposed is extraordinary, it has affected millions of people across the country and they have to be targeted by potentially dangerous fraud, theft, hackers and cyber criminals.'
The security lapse was closed at the end of last month, after the researchers contacted India's Computer Emergency Response Team (CERT-In) twice in the same month. The Bhim website was developed by a company called CSC e-Governance Services Limited in association with the Government of India. According to the researchers, "The data in this case was collected in an unsecured Amazon Web Services (AWS) S3 bucket."
In addition, the researchers said that S3 buckets are a popular form of cloud storage worldwide, but developers have to set up security protocols on their accounts. The investigators said, 'We contacted website developers to tell them about misconfiguration in their S3 buckets. When no response was received, we contacted CERT-In.' According to the report, records in the S3 bucket are retained only for a short term, but even in that short term more than 7 million records became public.