Topics
Latest
AI
Amazon
Image Credits:Jakub Porzycki / NurPhoto / Getty Images
Apps
Biotech & Health
Climate
Image Credits:Jakub Porzycki / NurPhoto / Getty Images
Cloud Computing
DoC
Crypto
Enterprise
EVs
Fintech
Fundraising
Gadgets
stake
Government & Policy
Hardware
layoff
Media & Entertainment
Meta
Microsoft
Privacy
Robotics
Security
societal
Space
Startups
TikTok
Transportation
Venture
More from TechCrunch
upshot
Startup Battlefield
StrictlyVC
Podcasts
Videos
Partner Content
TechCrunch Brand Studio
Crunchboard
Contact Us
The Amerind government has finally resolved a age - long cybersecurity issue that let out reams of sensitive data about its citizens . A security investigator exclusively tell TechCrunch he found at least hundreds of papers containing citizens ’ personal information — include Aadhaar numeral , COVID-19 vaccination data , and passport details — spilling online for anyone to access .
At error was the Native American government ’s cloud service , dubbed S3WaaS , which is billed as a “ secure and scalable ” organization for building and host Indian government websites .
security measures investigator Sourajeet Majumder told TechCrunch that he rule a misconfiguration in 2022 that was exposing citizens ’ personal information store on S3WaaS to the open internet . Because the private document were inadvertently made public , search engines also index the documents , permit anyone to actively explore the net for the sensitive private citizen datum .
With support from digital rights organization the Internet Freedom Foundation , Majumder report the incident at the clip to India ’s computer emergency reaction squad , know as CERT - In , and the Amerind government ’s National Informatics Centre .
CERT - In quickly acknowledged the proceeds , and linkup containing sore files from public search engines were displume down .
But Majumder say that despite repeat warnings about the data point spill , the Indian governance cloud service was still exposing some individuals ’ personal selective information as recently as last hebdomad .
With grounds of ongoing exposure of private data , Majumder require TechCrunch for help bring forth the remaining data secured . Majumder order that some citizens ’ sore data began spilling online long after he first disclosed the misconfiguration in 2022 .
Join us at TechCrunch Sessions: AI
Exhibit at TechCrunch Sessions: AI
TechCrunch reported some of the exposed data to CERT - In . Majumder substantiate that those files are no longer publically approachable .
When reached prior to publication , CERT - In did not object to TechCrunch publishing details of the security measure lapse . illustration for the National Informatics Centre and S3WaaS did not respond to a request for gossip .
Majumder said it was not possible to accurately figure the true extent of this data point making water , but warned that forged actor were purportedly deal the data on a screw cybercrime forum before it was shuttered by U.S. authorities . CERT - In would not say if bad actors reach the exposed data .
The display data , Majumder say , potentially puts citizens at risk of identity thefts and scams .
“ More than that , when tender wellness information like COVID test results and vaccinum records get out , it ’s not just our aesculapian privacy that ’s compromised — it evoke fears of discrimination and social rejection , ” he tell .
Majumder take down that this incident should be a “ wake - up call for security reforms . ”
