Another security failure has occurred in India which has led to the leak of millions of Aadhaar card numbers by popular Indian gas agency Indane.
According to a report by TechCrunch, the state-owned gas company allowed various dealers and distributors to access some part of its website, leading to leakage of users’ Aadhaar numbers, as confirmed by a security researcher who wished to maintain anonymity.
The part of the website which Indane left exposed could only be accessed by logging in with a username and password. However, as the page was indexed by Google, anyone could bypass the login page and gain unrestricted access to their user information.
Additionally, the report suggests that security researcher Baptiste Robert has found that over six million users were affected by the security lapse using a custom-built script to dig out the database, for which screenshots have been provided.
In response to the report, Indane has denied claims of Aadhar data leak and tweeted an official statement:
— Indian Oil Corp Ltd (@IndianOilcl) February 19, 2019
Since Indane has refused to acknowledge the data leak despite the proof, Elliot Anderson snapped back with a meme to take a dig at the company’s arrogance. Meanwhile, UIDAI did not respond to the same.
— Elliot Alderson (@fs0c131y) February 19, 2019
For those who have forgotten, around 1,66,000 Aadhaar card numbers were recently leaked by the Indian state government of Jharkhand as its web system was left unattended since 2014.
The incident raises questions on how safe our Aadhaar card and personal data are, further calling for immediate security steps.
What do you have to say about this? Drop your views below in the comment section.