advertisement
We’re coming to the end of another year, and before 2020 kicks in, it’s important to walk down the memory lane, and list down the major data breaches or digital fraud that affected thousands of mobile users in India this year.
With digital payments becoming a core part of how we function, it was obvious that hackers would target people who’re still getting used to the ecosystem.
Here’s a look at the top five digital incidents that made the news throughout 2019 and caused concerns for users in the country.
In what could be the biggest data breach in recent years, a whopping 773 million unique email IDs and 21 million unique passwords were leaked back in January this year.
According to web security researcher Troy Hunt, who created the Have I Been Pwned platform, has said this data leak is part of "Collection #1" which is a set of email addresses and passwords totaling 2,692,818,238 rows, or as expert claims over 87GB worth of stolen and accessible data.
This data, your email ID and password can be used to access your accounts with platforms like Zomato, Hotstar and even bank account, losing their control over them. Thankfully, your money is unlikely to be stolen, because all financial transactions follow 2-fa ruling.
You can read the story here.
WhatsApp might tout itself as a secure messaging platform, but even that hasn't saved it from being affected by spyware called Pegasus.
Pegasus, which has been developed by an Israel-based technology firm known as NSO Group, allows the hacker access to the phone's camera, microphone, files, photos, and even encrypted messages and emails. Basically, the entire phone. And remember that it affects both Android and iOS devices.
Pegasus just sits inside the device and quietly keeps feeding information to the hacker. What's worse is that there is no way to get rid of this spyware apart from discarding the phone. Even a factory reset doesn't kill it.
For India, the spyware was reported to have infected hundreds, who mostly comprised of attorneys, journalists, human rights activists, political dissidents, diplomats and other government officials. The impact of the spyware is still yet to be disclosed, but Pegasus was a black mark on WhatsApp and its so-called encryption claims, which was ridiculed by installing a malware because of a vulnerability in one of its features.
You can read more about Pegasus and its impact over here.
Online shopping has become the platform, wherein UPI scams have become prevalent and the worrying thing is, people are inadvertently giving consent to be duped. No wonder, this has raised alarm bells for the Reserve Bank of India (RBI), which has instructed all payment entities to warn its users.
Various security experts have pointed out that the pace of digital progression in India hasn’t helped people to acclimatize to varying cyber theft concerns, which doesn’t require the fraudster at the other end to be a tech whiz to dupe someone.
Steps to prevent such mishaps are similar to what banks used to tell customers with respect to debit/credit cards.
You can know more about it over here.
A bug in caller-ID app Truecaller risked its users’ financial data on Tuesday, 30 July. The app, which helps people avoid spam callers, started registering users to the Unified Payment Interface (UPI) account with ICICI Bank without their permission.
Truecaller’s payment service works in India through the its payments partner ICICI Bank, which facilitates UPI service for the platform. The bug came to light after a user on Twitter shared his concern, as a UPI account was created with ICICI Bank without the person asking for it.
Now it’s worth pointing out that Truecaller offers payments through its app, which was made possible after it bought India-based payment firm called Chillr to support the service.
Read the full story over here.
News application Flipboard was also hacked. According to a recent announcement, the company has found out that “an unauthorised person has gained access to and potentially obtained copies of certain databases containing user information.”
Flipboard says that user information between 2 Jun 2018 and 23 March 2019, and between 21 and 22 April 2019 has been compromised in this recent breach.
The social media accounts linked to the news aggregator have not been affected. However, the database might have contained digital tokens used to connect Flipboard account to third-party accounts.
Read the story here.
(At The Quint, we question everything. Play an active role in shaping our journalism by becoming a member today.)