LeakData.org Exposes Indian Citizens’ Personal Data, CERT-In Launches Probe

LeakDataOrg Publishes Personal Data of Indians, Triggering CERT-In Probe

India’s cybersecurity infrastructure is facing renewed pressure after a newly launched website, LeakData.org, publicly released sensitive personal details of citizens—including phone numbers, email IDs, alternate contacts, residential addresses, and Aadhaar-linked data. The leak comes shortly after the takedown of another controversial platform, Proxy Earth, signalling that data exposure threats remain active and evolving.

Website Launch and Telegram Group Activity Raise Red Flags

Investigators report that LeakData.org went live in December 2025. Its operators simultaneously launched a Telegram group on December 8, which amassed nearly 300 members within hours. The site allows users to search data on up to 12 individuals through their mobile numbers or email IDs, instantly displaying whatever records are available in its database.

Although not every search returns a match, the presence of even partial datasets has created significant alarm. A mobile application connected to the website has also surfaced, making the leaked information accessible directly through smartphones.

Experts Warn of Major Cybercrime Risks

Cybersecurity experts say the platform poses immediate and serious danger.
Dr. Digvijay Singh Rathore, Nodal Officer of the Cyber Club at Veer Bahadur Singh Purvanchal University, cautioned that publicly accessible data of this nature can become a “weapon” for cybercriminals. Such information can easily fuel:

• Financial fraud

• Phishing attacks

• Identity theft

• Social engineering schemes

He added that recurring leak episodes highlight loopholes in the enforcement of India’s data protection mechanisms, especially in tracking online data brokers.

LeakData.org Introduces ‘Hide My Data’ Feature Amid Criticism

In response to mounting backlash, the operators of LeakData.org rolled out a feature called “Hide My Data,” promoting it as a user-protection tool. According to the platform, users can request immediate removal of their phone numbers or email addresses from search results.

The feature works by:

• Allowing instant submission of mobile numbers or email IDs

• Automatically adding them to a “Do Not Display” registry

• Storing removal requests in what the site claims is an encrypted database

After a request is submitted, users receive a confirmation that their data will no longer appear on the site. Critics, however, argue that the feature does not address how the platform obtained the data in the first place.

CERT-In and MHA Begin Investigation Despite Complex Challenges

CERT-In and the Ministry of Home Affairs’ cyber division have initiated a probe into the origins of LeakData.org and its data sources. Early analysis indicates that the platform may have aggregated information from previously leaked datasets, public databases, and unregulated digital repositories rather than direct system intrusions.

LeakData.org insists that all information is “publicly available,” a claim cyber experts dispute, noting that aggregation itself can violate digital privacy laws and enable large-scale misuse.

Data Protection Enforcement Under Question

Even with the Digital Personal Data Protection (DPDP) Act now active, the recurrence of mass data exposure incidents raises questions about enforcement and monitoring. Analysts argue that India must move beyond merely blocking such sites and instead dismantle the broader ecosystem of data sellers, intermediaries, and anonymous operators who enable these platforms to thrive.

Data breaches like this highlight how sensitive information—whether personal or financial - can be misused when not protected by strong compliance systems. For businesses, accurate financial management and secure bookkeeping frameworks help reduce exposure to operational and regulatory risks.

Explore reliable, transparent bookkeeping solutions here: Bookkeeping Services in India