comscore Aadhaar data of 110 crore Indian farmers exposed online

Aadhaar data of 110 crore Indian farmers exposed online due to faulty govt website

According to a security researcher, Aadhaar data of almost 110 crore Indian farmers was exposed online owing to a bug in the PM Kisan website. Cert-In has since fixed the issue in the site.

aadhaar card

Aadhaar data of millions of Indian farmers was left exposed online owing to a bug in a government website. According to a report by security researcher Atul Nair, a part of the Indian government’s Pradhan Mantri Kisan Samman Nidhi website was revealing Aadhaar-associated detail of farmers’ who are benefitting under the scheme, TechCrunch reported. Also Read - Soon Aadhaar cardholders will be able to access basic services from home: Here’s how

Pradhan Mantri Kisan Samman Nidhi is an initiative by the Indian government to provide minimum basic income to all the farmers in the country. Benefits under this scheme are paid annually and farmers get up to Rs 6,000 per year as minimum income support from the government. Also Read - Govt withdraws statement advising people against sharing Aadhaar photocopies

Now, the security researcher has said that a portion of the initiative’s website was returning farmers’ Aadhaar numbers. “PM Kisan website provides a dashboard feature to view various charts and data. An endpoint in the dashboard was leaking Aadhaar numbers of all the farmers based on region (state, district, village),” he wrote in a blog post. Also Read - How to verify if an Aadhaar number is real or fake

Nair also said this bug could have enabled attackers to gathered all the data pertaining to the farmers in the scheme by writing a basic script leaving personal data of million of farmers exposed online. As of now, the Pradhan Mantri Kisan Samman Nidhi website has more than 11 crore farmers are registered on the platform. This means that attackers could have easily accessed personal data of over 110 million farmers.

Notably, this is a not exactly a new discovery. Nair, in his blog post, said that he first discovered this bug back in January this year following which he flagged it off to India’s Computer Emergency Response Team or CERT-In. The bug was finally fixed last month.

This is not the first leak

It is worth noting that this is not the first time that Aadhaar details of Indian citizens have been exposed online. In the past couple of years, security researchers have documented several cases wherein Aadhaar-linked databases were left exposed online.

Back in 2019, a bug in the part of the website of the state-owned gas company Indane left Aadhaar data for dealers and distributors exposed Aadhaar details of customer online. French security researcher, Robert Baptise, who goes by Elliot Anderson on Twitter said that he found Aadhaar records of around 5.8 million Indane customers before his code was blocked by the government.

In the same year, web system that is used for recording attendance of government workers in Jharkhand was left exposed online. The bug could have easily led anyone run a basic code to access names, job titles, and partial phone numbers of roughly 166,000 government workers in the state.

For the latest tech news across the world, latest PC and Mobile games, tips & tricks, top-notch gadget reviews of most exciting releases follow BGR India’s Facebook, Twitter, subscribe our YouTube Channel. Also follow us on  Facebook Messenger for latest updates.
  • Published Date: June 14, 2022 11:09 AM IST
  • Updated Date: June 14, 2022 2:05 PM IST

new arrivals in india