Indian Oil Corporation Ltd. has denied all claims of leaked Aadhar data of 6.7 million consumers through its Indane website. A French security researcher, Baptiste Robert, whose online handle is called Elliot Alderson, said in a blog post that he investigated the website after receiving a tip from a Twitter follower.
The investigation revealed that the website wasn't secured and lacked authentication in the local dealers portal. The led to a leak of consumers names, addresses and the Aadhar details. IndianOil, however, denied the claims stating that the company only uses only the Aadhar number which is mandatory for the transfer of LPG subsidy.
"No other Aadhaar related details are captured by IndianOil. Therefore, leakage of Aadhaar data is not possible through us. In the past, oil marketing companies on time to time basis were hosting the consumption of subsidized LPG refills by customers, multiple connections list having customer information like customer number, name LPG id, and address, in public domain (transparency portal) in their respective websites which were available for social audits. There is no Aadhaar number hosted on this website," IndianOil said in a statement.
The French security researcher claimed that Indane blocked his IP and he was able to test only 9,490 dealers out of the total 11,062 dealers "My script tested 9,490 dealers and found that a total of 58,26,116 Indane customers are affected by this leak," his blog post reads.
In 2018, the Supreme Court upheld the requirement of Aadhar for mobile phones and bank accounts. "The data which is been collected by all the government or non-government organization can be misused in many ways. So it is wise to educate ourselves and others about the loss one can face," Manan Shah, Founder and CEO, Avalance Global Solutions, told IANS in a statement.