Owing to a security error, the Indian state government might have leaked thousands of Aadhar numbers.
As per the report by TechCrunch, the web system which was used for marking the attendance of government employees in Jharkhand was shockingly left without no security measure whatsoever since 2014. In simple words, there was no password check for the web system, therefore allowing anyone to access the name, job title and phone numbers of 166,000 government employees.
Furthermore, the uploaded image file of the employees used Aadhar number as file name, which is a confidential 12-digit number each Indian citizen. These numbers aren’t strictly confidential but are treated similarly to social security number. These Aadhar numbers can be used to verify the identity of the owner in order to enroll in state services, like voting, welfare or financial assistance.
So it holds paramount importance for the Indian citizen and, unfortunately, for those 166,000 government employees that their Aadhar number can now be used for malicious purposes. According to the security researcher, Robert Bapsite, the data on the website can be easily accessed with simple Python codes. Surprisingly, the no one from the Jharkhand government or UIDAI commented on this security breach.
Previously, The Tribune reported that sensitive data regarding the employees could be accessed by paying INR 500, UIDAI, however, denied the report. Fortunately for those Indian citizens, the central database (controlled by the Unique Identification Authority of India or UIDAI) hasn’t been affected by the incident to a great extent.
It’s still unclear why the Jharkhand government site had no security checks and was basically accessible to anyone who knew where to look for. Sadly, little effort had been put in to ensure and implement a robust security system or to at least hide it from the outside world which was evident from the fact that “The Tribune” reported the issue a while back but was outrightly denied by the government.
This is somewhat similar to a data breach that occurred in Pakistan more than a year ago, where Punjab Information Technology Board was found responsible for exposing the privacy of thousands of Pakistani individuals. Basically, those with very basic computer knowledge could access the exposed directory.
They could access and download/dump dozens of GBs of the private data that included personal information such as CNIC numbers, Front and Back of CNICs, Scanned copies of all the educational degrees, work experience, CVs and more. The main reason for this security breach as per PITB was a server upgrade which prompted a bug that resulted in the data breach.
Apple is reportedly preparing for a significant design overhaul with its iPhone 17 series, blending…
Karachi: A private school in Karachi has unveiled Pakistan’s first AI-powered teacher, a groundbreaking move…
Third-party apps have long been a staple of the Android ecosystem, but their appeal has…
ISLAMABAD: The Competition Commission of Pakistan (CCP) has completed its Phase-II review of Pakistan Telecommunication…
Xiaomi has shattered records by producing 100,000 vehicles in just 230 days. This is nearly…
OpenAI, in collaboration with nonprofit organization Common Sense Media, announced on Wednesday the launch of…