India’s cybersecurity framework is once again under scrutiny after a new website, LeakData.org, publicly exposed sensitive personal data of Indian citizens, including mobile numbers, email IDs, alternate numbers, residential addresses, and Aadhaar-linked information. The revelation follows closely on the heels of another platform, Proxy Earth, which recently triggered nationwide alarm by leaking similar personal data online.
Authorities had moved swiftly to block Proxy Earth’s access and disable its mobile application, which has since been re-purposed to distribute gaming content. However, the emergence of LeakData.org underscores that the threat to India’s digital privacy ecosystem is far from over.
Website Created in December, Telegram Group Draws 300 Members
According to initial findings, LeakData.org was launched in December 2025. Its operators also created a Telegram group on December 8, which now has around 300 members. The website reportedly allows anyone to search and access information on up to 12 individuals using their mobile numbers or email IDs.
Although not all numbers appear in its database, the available data has already raised serious privacy concerns. The operators have also developed a mobile app, which provides access to the same information directly through smartphones.
Experts Warn: “A Dangerous Tool for Cybercriminals”
Dr. Digvijay Singh Rathore, Nodal Officer of the Cyber Club at Veer Bahadur Singh Purvanchal University, said that if such personal data continues to be exposed publicly, it could become a “powerful weapon for cybercriminals.”
“Such information can be exploited for financial fraud, phishing, identity theft, and large-scale cyberattacks. This is a deeply worrying trend,” Dr. Rathore said.
He further noted that the repeated appearance of new data leak platforms highlights gaps in the enforcement and monitoring of India’s data protection framework.
New Feature Launched: “Hide My Data”
Amid growing controversy, LeakData.org has attempted to present itself as a “responsible platform” by introducing a new feature called “Hide My Data.” According to the website, this tool allows users to instantly hide their mobile numbers or email IDs from public searches.
How the feature works
- Instant Action: Once a user submits their number or email through the form, it is immediately added to the platform’s “Do Not Display” registry.
- No Questions Asked: The website claims no identity proof is required. Any individual requesting data removal will have their information hidden immediately.
- Permanent & Secure: The platform asserts that all requests are stored in an encrypted database, ensuring that once a record is hidden, it will no longer appear in future search results.
After submitting a request, users see a message stating:
“Request Submitted! Your mobile number has been added to our Do Not Display registry. It will be hidden from search results immediately.”
Government Agencies Begin Probe Amid Investigation Challenges
Sources said that India’s Computer Emergency Response Team (CERT-In) and the cybersecurity division of the Ministry of Home Affairs have begun investigating the website’s origins and data sources. Preliminary assessments suggest that the data on LeakData.org may have been compiled from public databases and previous leaks, rather than from direct hacking or breaches.
LeakData.org, for its part, claims that all its data comes from “publicly available sources” and that it has not engaged in illegal data acquisition. However, experts argue that even so-called “public” datasets, when aggregated and shared this way, violate citizens’ right to privacy and may constitute a breach of India’s digital laws.
Questions Over Data Protection Enforcement
Although India’s Digital Personal Data Protection (DPDP) Act has come into effect, incidents like this expose implementation weaknesses in the country’s data governance structure. Cybersecurity analysts believe that the government must go beyond merely blocking websites and instead focus on targeting the broader data brokerage networks behind such platforms.
“This is not just a technological issue—it’s a matter of national security,” a senior cyber analyst said.
