How a Security Flaw Leaked Pensioners’ Data
Hello,
A serious security flaw in the Employees' Provident Fund Organisation (EPFO) website was discovered by researcher Nilabh Rajpooth, allowing unauthorised access to sensitive pensioner information. What kind of information was exposed? What was the scale of exposure? Read on to find out.
LEARN WITH BOOM
Have you ever received a call claiming you have a parcel stuck at customs in Taiwan? It may have been the notorious FedEx scam. This week, on BOOM’s Scam Watch series, Titha Ghosh spoke to someone who was duped in that scam and lost over Rs 1 crore.
According to the Indian Cyber Crime Coordination Centre (I4C), Indians lost over Rs 11,000 crore to scams in the first half of 2024. A large portion of that is attributed to the FedEx scam.
The FedEx scam calls follow a pattern:
A caller claims to be from customs and informs you about a suspicious package in your name that is stuck in customs.
The caller then tells you that it has been found to contain illegal substances, like in Keya’s case, hundreds of grams of MDMA.
Many of these scams primarily target senior citizens.
So, beware of scare tactics:
Scammers often create an urgency to manipulate you. Your panic is their fuel.
Hang up and report: If something feels off, end the call immediately and report it to the national cybercrime portal.
DECODE
In World’s Most Polluted Capital, Digital Divide Disrupts Education
The cost of smog: A sixth-grade student in a government school in Uttam Nagar, New Delhi, Urooj* (name changed) struggles whenever schools shut down due to pollution and the classes are moved online. There is no laptop, and just one mobile phone that the family shares.
As Delhi's Air Quality Index reached critical levels in November 2024, authorities implemented GRAP Stage IV restrictions, leading to widespread school closures.
Out of frustration: “We had online classes, but it is difficult to attend them with just one mobile phone in the household and erratic network connectivity in our area,” she says, her voice tinged with frustration.
Her story represents a harsh reality: when Delhi's air turns toxic, it's not just breathing that becomes difficult – learning becomes nearly impossible for the city's underprivileged children. Read Hera Rizwan’s report.
How a Security Flaw in EPFO’s System Leaked Pensioners' Data
A security flaw: Researcher Nilabh Rajpooth found a serious vulnerability in the Employees' Provident Fund Organisation’s (EPFO) website, allowing unauthorised access to sensitive pensioner data. The vulnerability let anyone access pension dashboards containing personal details of individuals whose pensions were stalled for various reasons. The exposed information included Pension Payment Order (PPO) numbers, mobile numbers, full addresses, and dates related to pension disbursements.
Action taken: The issue was resolved within two days after being reported to the Indian Computer Emergency Response Team (CERT-In), India’s cybersecurity agency.
Red flags: Rajpooth uncovered the flaw while using the Web Archive, a digital library that stores website snapshots. The archive’s web crawlers systematically index publicly accessible pages, but users can also submit URLs for archiving. He found over 10,000 archived links related to EPFO. One link led to a downloadable file containing a spreadsheet with sensitive pensioner details.
Read Hera Rizwan’s story to find out the scale of exposure due to this flaw.
Why Haryana’s Journalists Are Quitting Jobs to Build YouTube Channels
Independent YouTube channels like K9 Media, Ekmat Post, and City Big News are thriving, offering hyper-local news coverage as public trust in legacy media declines.
The farmers' protests served as a turning point, with local channels gaining popularity for their real-time, on-ground reporting, contrasting with mainstream media’s limited coverage.
The Haryana government’s advertising policy now includes social media platforms, but with stringent criteria and lower ad rates compared to traditional media.
Independent journalists face legal vulnerabilities, limited revenue streams, and the responsibility to balance ethical journalism with monetisation challenges. Poorvi Gupta reports.
LAW, JUSTICE ET AL
Love Vs Law: Fight For Marriage Equality Rights Not Over, Queer Community Says
Love vs law: On January 9, the Supreme Court upheld its October 2023 ruling which stated there is no fundamental right to marry. The court ruled against legalising same-sex marriage, though a minority opinion (3:2) supported civil unions for queer couples.
Dr. Pragati Singh, who leads a collective for asexual rights, views this development with a measured perspective. “People have been working in the space for queer rights for decades. The power of advocacy takes a long time on social issues like these,” she told Ritika Jain, adding, “This is like a rite of passage we have to go through.”
‘A setback’: “This is a setback but not a body blow for the fight for marriage equality,” Anish Gawande, an openly gay politician and a spokesperson for the NCP, told BOOM.
‘Not over yet’: Senior advocate Anand Grover remains determined to pursue legal remedies. “This is not over yet,” he said, outlining plans to file a curative petition before the Supreme Court.
‘FAKE NEWS’ YOU ALMOST FELL FOR
🔍 A few compilations of AI-generated videos showing firefighters rescuing wild animals went viral on social media as real footage from the ongoing wildfires in Los Angeles, California, in the United States. Read Archis Chowdhury’s fact-check.
🔍 A video collage showing police arrests alongside visuals of multiple fires was being circulated with the claim that the Federal Bureau of Investigation (FBI) in the United States has arrested the CEO of a company accused of planning the Los Angeles, California fire to develop a real estate project. Srijit Das debunked the claim.
🔍 Social media was rife with a video showing American pop star Taylor Swift calling the ongoing wildfires in Greater Los Angeles, California, in the United States a "divine retribution" against the US for supporting Israel's bombings in Gaza. But is this a legitimate video? Find out in Archis Chowdhury’s fact-check.
Verified By Boom is written by Divya Chandra, edited by Adrija Bose and designed by H Shiva Roy Chowdhury.
If you have suggestions about this newsletter or want us to conduct workshops on specific topics, drop us a line at 👉 [email protected] and we will get back to you in a jiffy. Thanks for reading. See you next week.👋