The Electronics and IT Ministry has issued an advisory to VPN providers and online intermediaries against enabling access to sites like proxyearth.org and leakdata.org that expose citizens’ private information.
Government flags data leak websites posing privacy risks
The Ministry of Electronics and Information Technology (MeitY) on December 11 issued a strong advisory to Virtual Private Network (VPN) service providers and online intermediaries, warning them against permitting access to websites that publish or circulate personal data of Indian citizens without consent.
The ministry flagged proxyearth.org and leakdata.org, among others, for allegedly allowing users to search sensitive personal details such as names, phone numbers, email IDs, and addresses merely by entering an Indian mobile number.
MeitY described such activities as a serious threat to individual privacy and safety, stating that these platforms violate Indian laws protecting citizens’ data and digital security.
Advisory reminds intermediaries of legal obligations
The advisory underscores that online intermediaries and service providers are legally bound under the Information Technology Act, 2000, and the Information Technology (Intermediary Guidelines and Digital Media Ethics Code) Rules, 2021, to prevent misuse of their platforms.
It emphasizes that intermediaries must not host, display, or permit access to content that belongs to another person, invades privacy, or affects public order, national security, or India’s sovereignty and integrity.
MeitY also warned that VPN services, which often enable users to bypass content restrictions, must ensure their infrastructure is not used to access or distribute illegal or privacy-violating data.
Sites allow lookup of personal data through mobile numbers
According to the ministry’s findings, certain online platforms are illegally storing and exposing citizens’ personal data, enabling users to search for individuals’ details through phone numbers or other identifiers.
These websites allegedly act as data aggregation hubs, offering access to databases that may have been compiled through unauthorized leaks, scraping, or breaches of online systems.
Officials have expressed concern that such data exposure could lead to identity theft, targeted scams, financial fraud, or stalking, posing serious cyber safety challenges.
Platforms operating in violation of Indian law
MeitY said that the flagged websites were operating in contravention of Indian data protection and IT laws, and directed intermediaries to block access or take down such links immediately.
The advisory also reiterated that non-compliance could attract legal consequences, including suspension of safe harbour protections under Section 79 of the IT Act, which exempts intermediaries from liability only if they act responsibly and follow due diligence.
The ministry’s warning forms part of India’s broader push to tighten enforcement around digital privacy and curb online activities that exploit citizens’ data without authorisation.
User safety and accountability under focus
The move signals the government’s ongoing emphasis on data accountability, particularly as India transitions into a comprehensive data protection regime under the Digital Personal Data Protection Act, 2023.
Officials said the advisory aims to reinforce that intermediaries ranging from VPN providers to social platforms must take active responsibility for preventing the circulation of unlawfully obtained personal data.
MeitY has urged platforms to adopt robust technical safeguards, strengthen content monitoring, and report suspicious activities to law enforcement agencies.
