New Delhi: A platform launched by the Reserve Bank of India (RBI) to help people trace unclaimed bank deposits allegedly exposed personal information linked to dormant accounts, according to an independent cybersecurity researcher, the Mint reported.The platform, Unclaimed Deposits Gateway to Access Information (Udgam), includes 30 participating banks and allowed users to search records of unclaimed deposits until May 25 using a mobile number and one-time password.Cybersecurity researcher Avinash Jain said RBI documentation for the Udgam only permits the disclosure of names, places, bank names and UDRNs. However, the searchable records on Udgam included residential addresses as well.Jain said that residential addresses were not listed among the approved output fields in the user manual or other RBI documents. He informed the Cyber Emergency Response Team (Cert-In) about the issue through email on May 24, the report said.According to Jain, public access to address details could increase the risk of phishing attempts, impersonation and financial fraud, as the information could be used to gain trust and obtain additional personal data.The RBI has also not disclosed the total number of dormant account entries available through the platform. Jain, who has worked in cybersecurity roles at companies including Cred and Microsoft, said the issue may have existed since the platform was launched in August 2023.According to the report, access to Udgam was disrupted on Tuesday after its login system stopped functioning. It was not immediately known whether the platform had been updated or patched.A day earlier, Cert-In issued a directive on fixing vulnerabilities in critical internet-facing systems. The advisory said known vulnerabilities in such systems should be addressed within 12 hours where feasible.Cybersecurity experts cited by Mint said the exposed information could potentially be combined with data from leaked databases to identify details such as PAN and Aadhaar numbers.