Europe Confirms Record €4.1B Penalty Against Google for Android Practices|U.S. CISA adds a Microsoft SharePoint Server flaw to its Known Exploited Vulnerabilities catalog|430,000 FortiGate Devices Exposed in FortiBleed Ransomware Link|Adobe fixed multiple maximum-severity flaws in ColdFusion and Campaign Classic|Alleged Scattered Spider Hacker Extradited to U.S. to Face Cybercrime Charges|Oracle E-Business Suite Flaw Under Active Attack, 950 Systems Exposed|Azure CLI Targeted in LSHIY Password Spray Campaign Across 64 Orgs|CISA Warns BlueHammer Flaw Is Now Exploited in Ransomware Attacks|RustDuck: The Botnet That’s Still Small but Engineering Like It Plans to Grow|GuardFall Flaw Hits 10 of 11 Popular Open-Source AI Agents|XSS.is, The Forum That Ran the Ransomware Supply Chain Is Down. The Market Isn’t|U.S. CISA adds SimpleHelp flaw to its Known Exploited Vulnerabilities catalog|Europe Confirms Record €4.1B Penalty Against Google for Android Practices|U.S. CISA adds a Microsoft SharePoint Server flaw to its Known Exploited Vulnerabilities catalog|430,000 FortiGate Devices Exposed in FortiBleed Ransomware Link|Adobe fixed multiple maximum-severity flaws in ColdFusion and Campaign Classic|Alleged Scattered Spider Hacker Extradited to U.S. to Face Cybercrime Charges|Oracle E-Business Suite Flaw Under Active Attack, 950 Systems Exposed|Azure CLI Targeted in LSHIY Password Spray Campaign Across 64 Orgs|CISA Warns BlueHammer Flaw Is Now Exploited in Ransomware Attacks|RustDuck: The Botnet That’s Still Small but Engineering Like It Plans to Grow|GuardFall Flaw Hits 10 of 11 Popular Open-Source AI Agents|XSS.is, The Forum That Ran the Ransomware Supply Chain Is Down. The Market Isn’t|U.S. CISA adds SimpleHelp flaw to its Known Exploited Vulnerabilities catalog|
Advertisement

Ad Placeholder

Full Width × 90

Breaking News

Employee’s Provident Fund organisation, India website found INSECURE

Security firm’ Eioneus Systems’ claims to have found a serious security flaw in Universal Account Number(UAN) website (India). In a recent incident an information security firm’ Eioneus Systems’ claims to have found a serious security flaw in Universal Account Number(UAN) website (India) which could have led to the theft of millions of user’s data. Eioneus Systems […]

Employee’s Provident Fund organisation, India website found INSECURE

Security firm’ Eioneus Systems’ claims to have found a serious security flaw in Universal Account Number(UAN) website (India).

In a recent incident an information security firm’ Eioneus Systems’ claims to have found a serious security flaw in Universal Account Number(UAN) website (India) which could have led to the theft of millions of user’s data. Eioneus Systems is an information Security firm based out of Pune. According to the official at Eioneus Systems Snehil Khare, the issue was reported immediately to CERT-IN, NIC, and other government sources which were felt necessary  at the time.

Employee’s Provident Fund

As per reports the issue was critical and gave access to country’s entire Provident Fund database. Moreover, it stated that vulnerability could be exploited to gain complete access to the machine leading to full compromise. Well, the tech firm demonstrated an excellent behavior in doing a responsible vulnerability disclosure.

Due to the sensitive nature of the incident, complete details of the vulnerability was not shared but it came to light that the bug gave access to information such as Provident fund balance, Individual’s KYC details, phone numbers, PAN numbers, bank details ;etc of every provident fund user in the country. The tech firm has shared few screenshots to support their claims of accessing the massive database.

Employee’s Provident Fund

Employee’s Provident Fund

In a chat with Security Affairs, Snehil Khare clarified his intentions further stating “Our motive is to do a responsible vulnerability disclosure and not to abuse the information which was accessed. Our intention was to draw the attention of authorities towards major security concern identified, without ignoring it.”

According to Eioneus systems , the issue came to their knowledge on 3rd Dec 2016 while browsing the website for usual UAN related features that website offers. The issue was reported immediately to CERT-IN (Computer emergency response team) and was acknowledged by CERT-IN in no time.

Employee’s Provident Fund Employee’s Provident Fund

About the Author Avantika Tripathi 

Marketing Head at Eioneus Systems

[adrotate banner=”9″]

Pierluigi Paganini

(Security Affairs – Employee’s Provident Fund, hacking)