Another leak has just come to light where details of a whopping 6,700,000 Aadhaar members were leaked out in the open. Sadly, the leak was from an Indian gas distribution company Indane.
The report, via TechCrunch, states that India’s state-owned gas company Indane exposed a part of its dealers and distributors list of gas consumers under it. The details listed around 6,700,000 Aadhaar card users’ information, which contains their phone numbers and addresses. What was even worst was that part of this Indane’s website was indexed by Google, which allowed anyone to bypass the login details and gain access to a huge database.
The database was found by a security researcher who chose to remain anonymous. However, he revealed the same to French security researcher Baptiste Robert with a prior experience in investigating Aadhaar exposures in the past. He goes with an online name “Elliot Alderson,” who after a detailed investigation of the exposure provided the results to TechCrunch.
‘Using a custom-built script to scrape the database, he found customer data for 11,000 dealers, including names and addresses of customers, as well as the customers’ confidential Aadhaar number hidden in the link of each record,’ stated TechCrunch.
Robert used a custom-built script to scrape the information from the database, after which he found customer data for around 11,000 dealers, which included names and addresses of customers, as well as the customers’ confidential Aadhaar number hidden in the link of each record. After verifying the leaked details with Aadhaar’s own official database, TechCrunch went out to report the matter to public. The leak was reported on February 10, post investigation it was informed to Indane on the February 16 and after no response from the gas company, the matter was made public on February 19.
The entire report can be found here.
This is presently the latest known security lapse with respect to Aadhaar and where an energy company in India has caused the mishap. The leaked information has unfortunately exposed sensitive information of almost 6.7 million users out of its 90 million consumer base.
‘The exposure is likely to reignite fresh concerns that the Aadhaar system is not as secure as UIDAI has claimed. Although few of the security incidents have involved a direct breach of Aadhaar’s central database, the weakest link remains the companies or government departments that rely on the data,’ said TechCrunch.
TechCrunch did not get any reply after connecting with both Indane and UIDAI.