+

Cookies on the Business Insider India website

Business Insider India has updated its Privacy and Cookie policy. We use cookies to ensure that we give you the better experience on our website. If you continue without changing your settings, we\'ll assume that you are happy to receive all cookies on the Business Insider India website. However, you can change your cookie setting at any time by clicking on our Cookie Policy at any time. You can also see our Privacy Policy.

Close
HomeQuizzoneWhatsappShare Flash Reads
 

Indian government portal leaks 8.9mn Aadhaar details, again

Apr 27, 2018, 18:06 IST
Union Minister of Electronics & Information Technology and Law & Justice, Ravi Shankar Prasad shows his Aadhaar card while addressing a press conference on Supreme Court's ruling on Right to Privacy, at Shastri Bhavan in New Delhi on Thursday.Photo by Subhav Shukla
  • Two consecutive leaks from Kodali of Aadhaar numbers
  • Posted leaked numbers on Twitter
  • Database maybe secure but government portals need additional security
Advertisement
Two new cases have come to light with a total of 8.9 million Aadhaar numbers of MGNREGA beneficiaries leaked through the Andhra Pradesh Benefit Disbursement Portal. The details were spotted by Srinivas Kodali, also known as @digitaldutta, who published screenshots on Twitter.
His earlier tweet shows how people’s Aadhar numbers are being to used to collate data on their location, religion, caste, phones numbers and bank account numbers.
The first leak by Kodali was from the Andhra Pradesh State Housing Corporation. It showed an even grimmer reality of how Aadhar numbers are being linked to caste, the type of house a person lives in and the extent of damage it has suffered.
Since then, he has reported the issue to the authorities, but his fear is that the surveys conducted in Andhra and Telangana have allowed citizens to carry phones and biometric readers, collecting private information on almost every individual.

Not the first time

Most recently, Karan Saini, a security researcher, told ZDNet that Aadhaar card information could be obtained through Indane’s system, a state-owned utility company. According to them, they tried to contact the authorities for over a month through several avenues but to no avail.

The affected endpoint was only pulled offline once the story had gone live.

Advertisement

The Tribune also looked into the Aadhaar database and found that they could attain all the details about a person by typing in the 12-digit unique identification number once they paid an agent ₹500 (approximately $8). For another ₹300 (approximately $5), that same individual could even print out a copy the Aadhaar card, which could then be used to access various government schemes.

Even the Android Aadhaar app was hacked by Robert Batiste, a french researcher, in under a minute.
That said, Aadhaar breaches haven’t been directly through the Aadhaar database, but through various government portals and third-parties. So, Ajay Bushan Pandey, CEO of UIDAI, wasn’t incorrect when he said that there have been no data leaks from the UIDAI database.

The Aadhaar card system, in its usage, is more than just the database. There’s a wide ecosystem to be take in to account where security concerns are yet to be addressed. A secure database doesn’t necessarily imply security of information since so much of it exists outside the Aadhaar database itself.




Advertisement

You are subscribed to notifications!
Looks like you've blocked notifications!
Next Article