A French security researcher has reportedly discovered a security lapse, which exposed millions of Aadhaar numbers of dealers and distributors associated with Indane, an LPG brand in the country. This is not the first time the controversy around Aadhaar and privacy concerns have made headlines.
“Due to a lack of authentication in the local dealers portal, Indane is leaking the names, addresses and the Aadhaar numbers of their customers,” said Elliot Alderson on Twitter. Tech Crunch reported that the website of the Indane was indexed in Google, which further allowed anyone to access dealer database without even entering the ID and password in the page. The cited source reported that the page that displayed the data of dealers has now been taken down.
The French security researcher asserted that he found data of 11,000 dealers leveraging a custom-built script on the Indane website. Alderson reportedly got access to around 5.8 million Indane customer records, before his IP got blocked. He also estimated that the massive Aadhaar data leak might have exposed data of 6.7 million customers. “I wrote the python script. By running this script, it gives us 11062 valid dealer ids. After more than 1 day, my script tested 9,490 dealers and found that a total of 5,826,116 Indane customers are affected by this leak,” he wrote.
Watch: Mars Season 2
This seems to be a massive data leak, which further raises questions on the Unique Identification Authority of India (UIDAI), and what it does to guard the Aadhaar data of Indians. A large volume of private and confidential data are amassed in one singular Aadhaar database. There’s also no word on how long the mentioned website has stayed exposed are sparse.