The cyber crime police branch of Maharashtra, an Indian state with over 50,000 COVID-19 cases, has confirmed that the personal data of around 29 million Indians seeking jobs via online portals has been leaked and is on sale on the dark web.
The dark web contains an array of illegal data that includes unencrypted and stolen information which can be purchased for hack attacks and spyware.
The personal information exposed in this case includes names, locations, email IDs, and unique Aadhaar Card numbers among other sensitive data, the media reported.
Revealing that the data may have been leaked on the dark web via a phishing website, Yashasvi Yadav, Inspector General of Maharashtra Cyber Police, has called the leak a "very serious crime".
Phishing websites, also referred to as "spoof sites", try to steal confidential information of web users by presenting themselves as a legitimate website.
At present, the black market value of this massive leaked data base remains undisclosed.
This data breach case follows many others, where sensitive information of internet users has found its way to the dark web.
In February, the emails, passwords, and other private information of BGR India was leaked on the dark web. BGR, which stands for Boy Genius Report is a US-headquartered tech website that also operates from India.
In October 2019, the confidential data of nearly 1.3 million Indian debit and credit cardholders was compromised on the dark web, exposing them to the risk of online financial fraud. The massive private data leak was estimated to have a black market value of roughly $130 million.