A new data leak hits Aadhaar, India's national ID database | ZDNet
they tried for a month to get the issue fixed before reporting. the issue was not fixed at the time of publication of this article.
they have held back the actual details of the leak. the leak was reported to them by an indian guy.
they tried for a month to get the issue fixed before reporting. the issue was not fixed at the time of publication of this article.
they have held back the actual details of the leak. the leak was reported to them by an indian guy.
When Saini ran a handful of Aadhaar numbers (from friends who gave him permission) through the endpoint, the server's response included the Aadhaar holder's full name and their consumer number -- a unique customer number used by that utility provider. The response also reveals information on connected bank accounts, said Saini. Screenshots seen by ZDNet reveal details about which bank that person uses -- though, no other banking information was returned.
That seems to contradict a tweet by India's Unique Identification Authority (UIDAI), the government department that administers the Aadhaar database, which said: "Aadhaar database does not keep any information about bank accounts."
Another tweet on the same day by Ravi Shankar Prasad, India's minister for electronics and information technology, also said: "Aadhaar does not save the details of your bank account."
The endpoint doesn't just pull data on the utility provider's customers; the API allows access to Aadhaar holders' information who have connections with other utility companies, as well.