Covid-19 data of thousands of Indians leaked online, put on sale

Personal data and Covid-19 data of thousands of Indians have been leaked from a government server and has been put on sale. The leaked information includes mobile numbers, addresses, and Covid-19 test results. The data has been put on sale on Raid Forums and according to reports, a cybercriminal has claimed to have “personal data of over 20,000 people”.

Name, age, gender, mobile number, address, date and result of Covid-19 reports are up for sale on the forum.

Cybersecurity researcher Rajshekar Rajaharia shared a tweet to warn people about the personally identifiable information (PII) leak and said that the data was made public through a content delivery network (CDN). He also added that “Google has indexed lakhs of data from the affected system” and shared screenshots of the leaked information.

The screenshots that Rajaharia shared of the documents available on Raid Forums show that the leaked data was meant for uploading on the Co-WIN portal.

He added in a follow-up tweet that while he has not reported any vulnerability, in this case, people should be careful about fraud calls, particularly ones with Covid-19-related offers since their data is available online on the dark web. In most cases, any leaked PII data gets used by cybercriminals to make scam calls to people with fraud offers.

Also Read: Hackers leak username, passwords for 5 lakh Fortinet VPN accounts

Also Read: 38 million records of personal information exposed due to multiple data leaks from Microsoft Power Apps