On august 2, 2022, Volodymyr Diachenko found 2 IP addresses with password-less Elasticsearch clusters. The two IPs had tape flows with indices called UAN of 280,472,941 and 8,390,524.
This data included details about EPFO members, including information about their employment, bank accounts, income status, Aadhaar information, bank seeding status, and more. However, it was unclear who exposed the data or to whom the information belonged.
Talking about the data leak exclusively to The Cyber Express, Diachenko said, From my experience, most (if not all) of the recently reported hacks were resulted from misconfigurations and exposures of data in public domain, rather than from a sophisticated attack. So, following cyber hygiene rules is very important.