ZDNet report on Aadhaar leakage through a government utility service provider

  • Thread starter Thread starter Sushubh
  • Start date Start date
  • Replies Replies 8
  • Views Views 1,202
Sushubh

Sushubh

Admin
Staff member
Messages
406,971
Location
Gurgaon
ISP
Excitel
Airtel
A new data leak hits Aadhaar, India's national ID database | ZDNet

they tried for a month to get the issue fixed before reporting. the issue was not fixed at the time of publication of this article.
they have held back the actual details of the leak. the leak was reported to them by an indian guy.

When Saini ran a handful of Aadhaar numbers (from friends who gave him permission) through the endpoint, the server's response included the Aadhaar holder's full name and their consumer number -- a unique customer number used by that utility provider. The response also reveals information on connected bank accounts, said Saini. Screenshots seen by ZDNet reveal details about which bank that person uses -- though, no other banking information was returned.

That seems to contradict a tweet by India's Unique Identification Authority (UIDAI), the government department that administers the Aadhaar database, which said: "Aadhaar database does not keep any information about bank accounts."

Another tweet on the same day by Ravi Shankar Prasad, India's minister for electronics and information technology, also said: "Aadhaar does not save the details of your bank account."

The endpoint doesn't just pull data on the utility provider's customers; the API allows access to Aadhaar holders' information who have connections with other utility companies, as well.
Click to expand...
 
As always, Aadhaar database safe, no truth in reports of breach, UIDAI clarifies
The news report had stated that the database of the state utility company containing its customer details such as bank account numbers, consumer number, 12-digit Aadhaar number could be made accessible to outsiders and hence misused. Questioning this claim, the UIDAI, in its press release said, “Even if the claim purported in the story were taken as true, it would raise security concerns on database of that Utility Company and has nothing to do with security of UIDAI’s Aadhaar database. If one goes by the logic of ZDNet’s story, since the Utility company’s database also had bank account numbers of its customers, so would that mean that all Indian banks’ databases have been breached? The answer would obviously be in negative.”
Click to expand...
 
a tweet from a Member of Parliament -
Source

"@Swamy39: In California I learnt that for $50 any software specialist can download anyone’s Aadhar personal data"
 

Similar threads

Sushubh
Aadhaar imposition by private companies
Replies
4
Views
911
Sushubh
Sushubh
Aadhaar and UPI being used to scam people out of their money
Replies
0
Views
884
Sushubh
Sushubh
MeitY admits on record that Aadhaar data has been leaked by agencies
Replies
0
Views
893
Sushubh
Sushubh
Flipboard Data Breach
Replies
0
Views
659
Sushubh
Top