Redditor finds Aadhaar, PAN and passports of many Indians freely available on Google; raises concerns over data security
Sep 26, 2024, 16:54 IST
Identity and data theft have become a huge problem in today’s world and there’s no dearth of scammers looking to take advantage of you using your personal documents. And poor security practices by certain websites have made it so that a hacker need not even go through the trouble of hacking, all the important information is simply laid out on Google for their convenience.
A recent revelation on a Reddit thread has highlighted the significant data security threat in India, where millions of sensitive personal documents like Aadhaar cards, PAN, voter IDs and passport details are freely available on Google. This massive breach has sparked widespread concern, especially as these documents are directly linked to critical aspects of one's life, such as bank accounts and SIM cards.
Who is to blame?
As one redditor pointed out, the primary reason for these leaks isn’t just the Indian government’s UIDAI security breaches. Such data breaches often happen due to a combination of poor security practices and the lack of encryption on various websites.
Most of the leaked documents were photographs of the IDs. This is because Indians tend to share their Aadhar rather indiscriminately and organisations, including schools, colleges, corporate offices and government agencies, store personal data without adequate safeguards.
Without appropriate data protection measures, such as securing their databases, encrypting sensitive information or using password-protected directories, our personal documents end up getting exposed on the internet, making them easily accessible through search engines like Google. A simple search query like "index of Aadhaar card" can reveal sensitive pages that should have been hidden or protected by the website but aren't due to negligence.
Hackers and cybercriminals exploit these vulnerabilities to gain unauthorised access to such data. In some cases, as seen with the recent data breach involving the records of 81.5 crore Indians, threat actors actively target poorly secured databases and leak this information on darknet forums for monetary gains.
What is the solution?
Search engines like Google are wired to index everything on the internet that they can get their hands on. And so, web developers must manually disable indexing to protect sensitive documents, a redditor commented. Another suggested that the Information Technology Act, 2000 was outdated and needed to be tweaked to suit current-day technology.
In the meantime, organisations should encrypt sensitive data, ensuring that even if unauthorised access occurs, the information remains protected. Web developers must use HTTPS and ensure that directories containing sensitive information are password-protected. Implementing firewalls and regularly updating software can also prevent security breaches.
Employees should be trained on data privacy and the importance of handling sensitive information securely. They should be taught to recognise phishing scams and other potential threats.
Since regular people have no way of knowing for sure how safe their documents will be on a certain website, the best you can do is use masked ID (or) Virtual ID. These will reduce your risk of exposure to any said scams.
Implementing 2FA adds an extra layer of security to accounts, making it harder for cybercriminals to access them. You can ensure that your ID is linked with your phone number and mail such that if anyone accesses your Aadhar for verification, you get notified and you may raise a complaint against authentication of aadhar.
The recent data breaches in India are a wake-up call for both individuals and organisations to take data security seriously. With the right preventive measures and increased awareness, we can minimise the risk of such sensitive information falling into the wrong hands.
Advertisement
A recent revelation on a Reddit thread has highlighted the significant data security threat in India, where millions of sensitive personal documents like Aadhaar cards, PAN, voter IDs and passport details are freely available on Google. This massive breach has sparked widespread concern, especially as these documents are directly linked to critical aspects of one's life, such as bank accounts and SIM cards.
Who is to blame?
As one redditor pointed out, the primary reason for these leaks isn’t just the Indian government’s UIDAI security breaches. Such data breaches often happen due to a combination of poor security practices and the lack of encryption on various websites.Most of the leaked documents were photographs of the IDs. This is because Indians tend to share their Aadhar rather indiscriminately and organisations, including schools, colleges, corporate offices and government agencies, store personal data without adequate safeguards.
Without appropriate data protection measures, such as securing their databases, encrypting sensitive information or using password-protected directories, our personal documents end up getting exposed on the internet, making them easily accessible through search engines like Google. A simple search query like "index of Aadhaar card" can reveal sensitive pages that should have been hidden or protected by the website but aren't due to negligence.
Hackers and cybercriminals exploit these vulnerabilities to gain unauthorised access to such data. In some cases, as seen with the recent data breach involving the records of 81.5 crore Indians, threat actors actively target poorly secured databases and leak this information on darknet forums for monetary gains.
Advertisement
What is the solution?
Search engines like Google are wired to index everything on the internet that they can get their hands on. And so, web developers must manually disable indexing to protect sensitive documents, a redditor commented. Another suggested that the Information Technology Act, 2000 was outdated and needed to be tweaked to suit current-day technology.In the meantime, organisations should encrypt sensitive data, ensuring that even if unauthorised access occurs, the information remains protected. Web developers must use HTTPS and ensure that directories containing sensitive information are password-protected. Implementing firewalls and regularly updating software can also prevent security breaches.
Employees should be trained on data privacy and the importance of handling sensitive information securely. They should be taught to recognise phishing scams and other potential threats.
Since regular people have no way of knowing for sure how safe their documents will be on a certain website, the best you can do is use masked ID (or) Virtual ID. These will reduce your risk of exposure to any said scams.
Implementing 2FA adds an extra layer of security to accounts, making it harder for cybercriminals to access them. You can ensure that your ID is linked with your phone number and mail such that if anyone accesses your Aadhar for verification, you get notified and you may raise a complaint against authentication of aadhar.
Advertisement
The recent data breaches in India are a wake-up call for both individuals and organisations to take data security seriously. With the right preventive measures and increased awareness, we can minimise the risk of such sensitive information falling into the wrong hands.