Indian government's cloud spilled citizens' personal data online for years
(techcrunch.com)
from Lanky_Pomegranate530@midwest.social to cybersecurity@sh.itjust.works on 04 Apr 2024 02:26
https://midwest.social/post/10693048
from Lanky_Pomegranate530@midwest.social to cybersecurity@sh.itjust.works on 04 Apr 2024 02:26
https://midwest.social/post/10693048
cross-posted from: lemmy.zip/post/12985960
India’s government cloud exposed reams of sensitive data to the public internet because of a misconfiguration.
threaded - newest
This is the best summary I could come up with:
The Indian government has finally resolved a years-long cybersecurity issue that exposed reams of sensitive data about its citizens.
A security researcher exclusively told TechCrunch he found at least hundreds of documents containing citizens’ personal information — including Aadhaar numbers, COVID-19 vaccination data, and passport details — spilling online for anyone to access.
Security researcher Sourajeet Majumder told TechCrunch that he found a misconfiguration in 2022 that was exposing citizens’ personal information stored on S3WaaS to the open internet.
With support from digital rights organization the Internet Freedom Foundation, Majumder reported the incident at the time to India’s computer emergency response team, known as CERT-In, and the Indian government’s National Informatics Centre.
But Majumder said that despite repeated warnings about the data spill, the Indian government cloud service was still exposing some individuals’ personal information as recently as last week.
“More than that, when sensitive health information like COVID test results and vaccine records get out, it’s not just our medical privacy that’s compromised — it stirs fears of discrimination and social rejection,” he said.
The original article contains 411 words, the summary contains 175 words. Saved 57%. I’m a bot and I’m open source!
Welcome to India, it’s shit as ever