© IE Online Media Services Pvt Ltd
Tags:
Journalism of Courage
The Rajasthan state government’s website has fixed bugs that exposed the Jan Aadhaar details of millions of people. The leaked information includes copies of Aadhaar cards and sensitive and personally identifiable information.
According to a recent report by TechCrunch, the security exploits, which were first discovered by a security researcher named Viktor Markopoulos, leaked information like copies of Aadhaar cards and sensitive information like birth and marriage certificates, income statements and electricity bills of citizens who enrolled in the state-run Jan Aadhaar programme. Personal information like date of birth, father’s name and gender were also revealed.
The Jan Aadhaar portal was launched in 2019 to offer a quick way to get benefits from the state government’s welfare schemes. It has a database of more than 78 million individuals and 20 million families in the state of Rajasthan. This is different from the normal Aadhaar card, which is backed by the Unique Identification Authority (UIDAI) and backed by the central government.
The report suggests that Viktor Markopolous, who works for the cybersecurity firm Clouddefense.ai, first discovered the security vulnerabilities in December last year and asked the publication to help him reveal these exploits to the authorities. They were then fixed last week by the Indian Computer Emergency Response Team (CERT-In), the agency responsible for dealing with cyber security incidents in India.
The researcher explained that one of the bugs allowed access to personal documents and information to anyone with knowledge of the person’s phone number, while another exploit returned sensitive data since the server responsible for storing the data did not check if the one-time passwords were valid.
