The Indian government’s tax authority has fixed a security flaw in its income tax filing portal that was exposing sensitive taxpayers’ data, TechCrunch has exclusively learned and confirmed with authorities.
The flaw, discovered in September by a pair of security researchers Akshay CS and “Viral,” allowed anyone who was logged into the income tax department’s e-Filing portal to access up-to-date personal and financial data of other people. The exposed data included full names, home addresses, email addresses, dates of birth, phone numbers, and bank account details of people who pay taxes on their income in India.
Read more…
Source: TechCrunch News
Sign up for the Cyber Security Review Newsletter
The latest cyber security news and insights delivered right to your inbox
Related:
- Security bug in India’s income tax portal exposed taxpayers’ sensitive data
October 7, 2025
The Indian government’s tax authority has fixed a security flaw in its income tax filing portal that was exposing sensitive taxpayers’ data, TechCrunch has exclusively learned and confirmed with authorities. The flaw, discovered in September by a pair of security researchers Akshay CS and “Viral,” allowed anyone who was logged into the income tax department’s e-Filing ...
- India: Thousands of bank transfer records found spilling online after security lapse
September 26, 2025
A data spill from an unsecured cloud server has exposed hundreds of thousands of sensitive bank transfer documents in India, revealing account numbers, transaction figures, and individuals’ contact details. Researchers at cybersecurity firm UpGuard discovered in late August a publicly accessible Amazon-hosted storage server containing 273,000 PDF documents relating to bank transfers of Indian customers. Read more… Source: ...
- Earth Lamia Develops Custom Arsenal to Target Multiple Industries
May 27, 2025
Trend Micro researchers have been tracking an active intrusion set that primarily targets organizations located in countries including Brazil, India, and Southeast Asia since 2023. The threat actor mainly targets the SQL injection vulnerabilities discovered on web applications to access the SQL servers of targeted organizations. The actor also takes advantage of various known vulnerabilities to ...
- Court document reveals locations of WhatsApp victims targeted by NSO spyware
April 9, 2025
NSO Group’s notorious spyware Pegasus was used to target 1,223 WhatsApp users in 51 different countries during a 2019 hacking campaign, according to a new court document. The document was published on Friday as part of the lawsuit that Meta-owned WhatsApp filed against NSO Group in 2019, accusing the surveillance tech maker of exploiting a ...
- India arrests man accused of running $96 billion crypto exchange at request of US
March 12, 2025
Indian authorities have arrested a Lithuanian man wanted by the US for allegedly running a $96 billion cryptocurrency exchange that allowed terrorist organizations, drug traffickers and cybercriminals to launder money. The arrest caps an intense US-led manhunt for Aleksej Besciokov, that escalated last week with the seizure of the crypto exchange, the freezing of $26 million ...
- Threat Actor Delivers Highly Targeted Multistage Polyglot Malware
March 4, 2025
In fall 2024, UNK_CraftyCamel leveraged a compromised Indian electronics company to target fewer than five organizations in the United Arab Emirates with a malicious ZIP file that leveraged multiple polyglot files to eventually install a custom Go backdoor dubbed Sosano. Proofpoint uses the UNK_ designator to define clusters of activity that are still developing and have ...