In a fresh incident that must be treated as a wake-up call, approximately 5,000 identity documents of Indian citizens, including Aadhaar cards, driver's licences, passports and PAN cards, have been dumped on the dark web by a suspected Pakistani hacker. Further research found that the same person allegedly also leaked the data on publicly accessible forums, so the compromised documents are now just a Google search away.

Threat actors commonly use the dark web to obtain or purchase stolen data. These deals are usually made in private channels, and the data traded in them poses a serious identity-theft risk to the individuals concerned.

Most recently, however, an alleged Pakistani perpetrator "sold" the identity documents of about 5,000 Indian citizens not only in closed Telegram channels but also leaked them on publicly accessible forums. That is a far greater identity-theft risk: criminal groups can now reach the identity documents of thousands of citizens with nothing more than a Google search.

A threat intelligence researcher, Saumay Srivastava, reportedly unearthed an alleged "Pakistani" forum on the dark web whose members, a group of suspected threat actors, communicate through private Telegram channels. Srivastava masked his identity and posed as one of the group.

Most conversations in the group were in Urdu and there were pictures of the Pakistani flag on the channel's profile. After days of trailing the discussions, he “found that they claim to have various data dumps of Indian government agencies, including Indian Railways, and certain corporate bodies as well.”

Soon after, a threat actor "posted approximately 5.5 GB dump link of Aadhaar and PAN cards." The dump comprised 1,059 Aadhaar and PAN cards, including scanned copies.

He also reported the breach to CERT-In and to the director of UIDAI (Unique Identification Authority of India).

India Today Investigation

India Today investigated the story from several angles. The apparently same threat actor was found dumping the compromised data on publicly accessible leak forums: around 4,000 more Aadhaar cards, PAN cards, passports and driver's licences were posted openly on a website. The alleged threat actor also dumped scores of Netflix account credentials, passwords included, and international identity documents on the same hacker forum on the surface web.

The leaked Aadhaar and PAN documents were independently verified to be genuine.

What is dark web?

The websites we browse every day make up only a fraction of the World Wide Web. Beyond this "surface" web lies the deep web, the content that conventional search engines do not index, and within the deep web lies the dark web. The dark web is an overlay of hidden networks built on top of the Internet that can only be reached with specific software, configurations or authorisation, and it often relies on its own communication protocols.

Dark-web content is deliberately hidden, typically encrypted in transit, not indexed by search engines, and reachable only through special configurations or browsers such as the Tor Browser, which preserves user anonymity. Because it is unindexed, the dark web is a subset of the deep web, but the reverse does not hold: most of the deep web (password-protected sites, databases, intranets) has nothing to do with the dark web.

Aadhaar leak exposed by Cyble

In July last year, the threat-intelligence firm Cyble discovered, in the course of routine dark-web monitoring, that at least 20 million Aadhaar card numbers had been leaked, allegedly from the Tamil Nadu Public Distribution System (TNPDS) database. The breach exposed 31 million records of personally identifiable information (PII) of Tamil Nadu citizens in addition to the 20 million Aadhaar records, compromising a total of 51 million records.

What do cyber experts say?

India Today spoke to the Chief Scientist of UNSW (University of New South Wales) Institute for Cyber Security, Sanjay Jha, to understand the modus operandi of global cyber-attacks.

He said such incidents are "most complicated" for intelligence agencies to investigate because the data is first stored locally and passes through the hands of multiple threat actors before being dispersed across the dark web. In the digital age, most countries are exposed to the risk of increasing cyber-attacks.

He noted that these breaches undermine individuals' confidence in using online services and pose a serious challenge to industry, because they lead to identity theft. Offenders can use the collected data to compromise your existing accounts and to impersonate you, using your details to obtain further forms of identification or employment records.

Speaking about the recent ransomware attack on AIIMS by suspected Chinese perpetrators, he said there is little likelihood of an outright cyber war between the two nations.

"The myth of security is always more dangerous than lack of security. Securing Aadhaar's own database or the underlying infrastructure doesn't guarantee the security of Aadhaar as a whole. It is a method of identification, hence can be stolen from any of the many places where it is used," said Offensive Security Certified Professional (OSCP) cybersecurity expert Vivek Yadav.

"Even though VID (virtual identity) is a step in the right direction toward increasing security, it still becomes useless if organisations refuse to accept it or if the actual Aadhaar number has already been shared with numerous people or organisations."

"In the recent event, prima facie the data being shared looks like it leaked through a third-party application keeping such user records, and that's exactly why Aadhaar has always been a serious privacy concern. Compromise of such data by an attacker may lead to identity theft, causing anything ranging from financial frauds, loan frauds, usage in terrorist activities to even planned fatal attacks on the target/victim," he adds.

Excerpt from an article by Bidisha Saha; read the full article here.