Indian Government Data Leak Fixed
For years, the Indian government had a cybersecurity problem that leaked private data about its citizens. A security researcher found that the government’s cloud service, called S3WaaS, accidentally made citizens’ personal information public online, such as:
Aadhaar numbers
COVID-19 vaccination data
Passport details
The Cloud Security Problem
Security researcher Sourajeet Majumder discovered a configuration error in 2022 that let anyone on the internet access confidential documents stored on S3WaaS. Search engines also indexed these documents, making them easy to find by anyone.
Although the issue was partially fixed, the government’s cloud service still exposed some people’s personal information until last week. Majumder, with help from the digital rights group Internet Freedom Foundation, reported the case to India’s computer emergency response team (CERT-In) and the government’s National Informatics Centre.
The Consequences
The leaked data could harm citizens in many ways:
Identity Theft: Citizens could face identity theft because of the leak of sensitive information.
Medical Privacy Issues: COVID-19 test results and vaccine records were among the leaked data, creating worries of stigma and social exclusion.
A Demand for Security Improvements
This case shows the need for security improvements. The Indian government must take urgent actions to protect citizens’ data and stop such leaks from happening again.
While CERT-In confirmed the issue, the true scale of the data leak is still unclear. Allegedly, malicious actors accessed the data and even sold it on a notorious cybercrime forum before authorities closed it down.
As citizens, we depend on secure systems to keep our personal information safe. Let this case lead to necessary changes to defend our privacy and digital rights.
Sources:
Indian government’s cloud spilled citizens’ personal data online for years (TechCrunch)
Government Plugs Cloud Security Leak That Exposed Data For Over 2 Years (MSN)