Indian government's cloud spilled citizens' personal data online for years (techcrunch.com)
from Lanky_Pomegranate530@midwest.social to cybersecurity@sh.itjust.works on 04 Apr 2024 02:26
https://midwest.social/post/10693048

cross-posted from: lemmy.zip/post/12985960

India’s government cloud exposed reams of sensitive data to the public internet because of a misconfiguration.

#cybersecurity

threaded - newest

autotldr@lemmings.world on 04 Apr 2024 02:30 next collapse

This is the best summary I could come up with:


The Indian government has finally resolved a years-long cybersecurity issue that exposed reams of sensitive data about its citizens.

A security researcher exclusively told TechCrunch he found at least hundreds of documents containing citizens’ personal information — including Aadhaar numbers, COVID-19 vaccination data, and passport details — spilling online for anyone to access.

Security researcher Sourajeet Majumder told TechCrunch that he found a misconfiguration in 2022 that was exposing citizens’ personal information stored on S3WaaS to the open internet.

With support from digital rights organization the Internet Freedom Foundation, Majumder reported the incident at the time to India’s computer emergency response team, known as CERT-In, and the Indian government’s National Informatics Centre.

But Majumder said that despite repeated warnings about the data spill, the Indian government cloud service was still exposing some individuals’ personal information as recently as last week.

“More than that, when sensitive health information like COVID test results and vaccine records get out, it’s not just our medical privacy that’s compromised — it stirs fears of discrimination and social rejection,” he said.


The original article contains 411 words, the summary contains 175 words. Saved 57%. I’m a bot and I’m open source!

lemmy_nightmare@sh.itjust.works on 04 Apr 2024 07:14 collapse

Welcome to India, it’s shit as ever