S3WaaS

2024: Internet Data Breaches

In early April 2024, it became known that the cloud of the Indian government had been leaking personal data of citizens to the Internet for years. The problem is exacerbated by the fact that search engines indexed this information. Thus, anyone can search for information about certain persons using the usual requests.

According to TechCrunch, we are talking about the S3WaaS cloud platform, which is positioned as a "secure and scalable" system for creating and hosting government websites in India. Information security researcher Sourajeet Majumder discovered errors in the platform configuration, due to which personal data of citizens leaked to the Internet. The set of such information includes unique personal Aadhaar identifiers, information about vaccination against COVID-19 and passport data. The exact scale of the leak as of the beginning of April 2024 has not been established. However, Majumder states that he managed to find "hundreds of documents."

Unsplash

Majumder reported the problem to the Indian Computer Emergency Response Team (CERT-In) and the National Center for Informatics of the country's government. CERT-In specialists confirmed the leak and took measures to remove links to pages containing confidential information about citizens from search engines. However, Majumder later again discovered personal data in the public domain on the Internet, which, he claims, again leaked through the S3WaaS cloud platform.

It is also noted that the leaked information was available on one of the popular cybercriminal forums. Such information can be used by cybercriminals to organize various fraudulent schemes aimed at stealing money.^[1]

Notes