- Database encompasses roughly 49.25m records spread over 250 tables
Tradgo.in, an Indian platform reputed for its involvement in financial transactions, Aadhaar-based services, and user data management, has reportedly been compromised.
A threat actor claims to be offering the platform’s comprehensive database on an online forum, a disclosure that raises significant alarm given the nature and sensitivity of the information involved.
Tradgo.in is a pivotal entity within India’s digital ecosystem, as it handles vast amounts of personal and financial data for millions of users. The alleged unauthorised access and sale of its database could potentially affect an extensive user base, exposing them to privacy infringements, financial fraud, identity theft, and other cyber threats.
The platform’s integration with Aadhaar services—India’s biometric identification system—adds an additional layer of gravity to the breach, underscoring the criticality of safeguarding such sensitive information.
According to the threat actor, the database in question is substantial, with a size of approximately 4.4 gigabytes encompassing roughly 49.25 million records spread over 250 tables.
Such a voluminous dataset ostensibly contains highly sensitive categories of information, ranging from Aadhaar details and verification data to user profiles, financial transactions, and payment records.
Specifically, the database reportedly includes:
- Aadhaar data and verification details, which are integral to personal identification.
- User profiles with names, contact information, and supplementary personal details.
- Records of wallet transactions, payment histories, recharge dealings, and ICICI bank payment data, reflecting the financial activity of users.
- Information related to order management, API balance logs, and operational configurations.
The threat actor’s approach to monetising this data includes inviting interested parties to negotiate pricing privately, further exacerbating concerns about the potential misuse of this information.
Aadhaar information
The ramifications of this incident are manifold. Primarily, the privacy and security of millions of individuals are jeopardised, especially when the compromised data includes Aadhaar information, which serves as a cornerstone of identity verification in India.
Exposure of such data could facilitate identity fraud and unauthorised transactions, damaging individuals both financially and reputationally. Moreover, the breach could undermine public trust in digital platforms and government-backed identification services, leading to hesitancy in embracing technological advancements aimed at streamlining financial and administrative processes.
From a regulatory and organisational perspective, this incident highlights the pressing need for robust cybersecurity measures, stringent data protection protocols, and rapid incident response mechanisms.
Companies dealing with sensitive information must prioritise encryption, multifactor authentication, and regular security audits to mitigate risks. Additionally, there is a critical role for government agencies to enforce compliance with data privacy laws and to facilitate timely communication and support for affected users.