Recently, Jharkhand government accidentally leaked Aadhaar information of about 1,66,000 workers. Read on to know more about this latest data leak…
Since the launch of Aadhaar, the 12-digit unique identification number that is issued by the Unique Identification Authority of India (UIDAI), it has been center of a number of controversies in India. These controversies include leakage of user data privacy, security of the stored biometric data and other claims from the hackers.
According to a latest news report, another instance of Aadhaar data leak has been reported where a state government in India was careless enough to leave data of thousands of its workers exposed without any password. As part of the report, the government of Jharkhand left data of 1,66,000 workers exposed along with other important bits such as names, job titles, and partial phone numbers.
Reported Data Leak
This data leak was initially reported by TechCrunch which stated that the data was left exposed since 2014. The leaked data was located on a government system that was used to record attendance of government workers in Jharkhand state. What was even more surprising was that the IT system used the 12-digit unique number as the file name of photos on each page in the record. TechCrunch was reportedly able to verify the authenticity of the Aadhaar numbers found on the Jharkhand government website by the checking the same using UIDAI’s official tool.
The report adds that the attendance system was hosted on a sub-domain of the official website of the Jharkhand government and the same was even indexed in Google, making its accidental discovery quite possible for anyone. The cache pages of the individual government employee attendance records can be easily found in the search giant’s index. Further, anyone with even the basic knowledge of coding could scrape the entire website very easily, the report claimed citing a security researcher. Over a lakh Aadhaar numbers are said to have been left unprotected.
The Aadhaar numbers were not directly listed on the webpage, but the website was fetching the image of the workers by sending their Aadhaar number, which are clearly visible in the URL of the image link. The report noted that even though Aadhaar numbers are not as confidential as a credit or debit card, they still pose a risk of identity theft if not kept closely guarded.
Researchers reached out the government and UIDAI after confirming their findings but they did not receive any response from both the government organizations. Though it looks like the website is currently not accessible. This comes hours after TechCrunch confirmed that the Aadhaar numbers available on the system were valid with the help of a verification tool by UIDAI.
The reason one should care about their Aadhaar number is that anyone can use it along with thumbprints to make use of benefit schemes from the state while enrolling in a number of services including voting, welfare, and financial assistance. Users can also use the number to open a new bank account, get a new SIM connection, and even use it to verify their identity.
Although the latest leak isn’t directly related to the Unique Identification Authority of India (UIDAI), the agency that manages Aadhaar infrastructure in the country, it shows how the Aadhaar data can become so easily vulnerable even when in hands of other governmental agencies. Also, the mere leak of Aadhaar numbers doesn’t seem very alarming, but such a database has the potential of being used by malicious parties for social engineering hacks.
This shows that contrary to the claims by the government and UIDAI that Aadhaar is secure, it is easy for hackers to get on the data without much work and lax security measures if the various government agencies does not implement the necessary security procedures to secure the Aadhaar details.