
Aadhaar data leak could reveal all user data

Have an Aadhaar number? If so, your personal information could be at stake.

Aadhaar, the national identity database of India, contains sensitive data including biometric and personal information of the country's citizens. Already, there are over 1.1 billion Aadhaar holders in India, and this figure is set to increase as the government has made it mandatory to have an Aadhaar card and link it with essential services such as bank accounts, SIM cards, utilities, etc. In the near future, those who do not have an Aadhaar would be unable to access basic government services.


Given that, this database should have a strong security system that keeps it protected. However, it appears to be plagued with security issues. Aadhaar has been hitting the headlines for several wrong reasons of late, mainly because of the security problems associated with it.

As per a recent report by ZDNet, the database is said to be leaking information about every Aadhaar holder. The report, citing information revealed by New Delhi-based security researcher Karan Saini, states that a data leak on the Aadhaar database by a state-run utility company can allow anyone to download and access the private information of all Aadhaar holders. This could be potentially harmful, as it would expose the name, 12-digit unique identity number, and linked services such as the mobile number and bank details.

The researcher is said to have found a vulnerable endpoint, and anyone with an Aadhaar number can be affected. The report further states that the authorities are yet to fix this security flaw in the national-level identity database.

The report does not reveal the name of the utility provider but claims that the company has access to the Aadhaar database via an API, which is used by the company to check the customers' status and verify their identity. As the company has not secured the API, it is possible to get the private data of the Aadhaar holders, even if they are not the customers of the utility provider.

Saini has also found that the API does not have any limit in place, allowing an attacker to cycle through every permutation and gain access to the Aadhaar details each time a successful result is hit. He has explained that it is possible to enumerate Aadhaar numbers by cycling through combinations like 1234 5678 0000 to 1234 5678 9999 to find the corresponding details.
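On the defending side, the missing limit described above is the kind of control an API owner can add and monitor. The following is an added example, not code from the article, the ZDNet report or the researcher: a sliding-window check over lookup logs that flags a client sweeping many identifiers under one 8-digit prefix. The log tuple format, client names, thresholds and sample events are all assumptions constructed for illustration.

```python
from collections import defaultdict, deque

# Assumed thresholds; tune to the real traffic profile of the service.
WINDOW_SECONDS = 60    # sliding-window length per client
MAX_DISTINCT_IDS = 5   # distinct identifiers one client may look up per window
MAX_PER_PREFIX = 3     # distinct identifiers sharing one 8-digit prefix per window


def find_enumerating_clients(events):
    """events: (epoch_seconds, client_id, 12-digit identifier) tuples,
    time-ordered per client. Returns {client_id: reason} for flagged clients."""
    recent = defaultdict(deque)  # client -> (ts, identifier) pairs inside the window
    flagged = {}
    for ts, client, ident in events:
        ident = ident.replace(" ", "")
        window = recent[client]
        window.append((ts, ident))
        # Drop lookups that have aged out of the sliding window.
        while window and ts - window[0][0] > WINDOW_SECONDS:
            window.popleft()
        distinct = {i for _, i in window}
        by_prefix = defaultdict(set)
        for i in distinct:
            by_prefix[i[:8]].add(i)
        largest_group = max(by_prefix.values(), key=len)
        if len(largest_group) > MAX_PER_PREFIX:
            # Many neighbours of one prefix: the 0000..9999 sweep pattern.
            flagged.setdefault(client, "prefix-sweep")
        elif len(distinct) > MAX_DISTINCT_IDS:
            # Too many unrelated identifiers for one client in one window.
            flagged.setdefault(client, "volume")
    return flagged


# Constructed sample log, not real data.
SAMPLE_EVENTS = sorted(
    # client-a walks consecutive suffixes under a single prefix
    [(1000 + n, "client-a", f"12345678{n:04d}") for n in range(6)]
    # client-b re-checks one customer every 30 seconds
    + [(1000 + 30 * n, "client-b", "9999 8888 7777") for n in range(6)]
    # client-c looks up six unrelated identifiers in six seconds
    + [(1000 + n, "client-c", f"{2000 + n}00001111") for n in range(6)]
)

if __name__ == "__main__":
    print(find_enumerating_clients(SAMPLE_EVENTS))
```

Repeated checks of the same identifier (client-b) stay under both thresholds, so normal customer verification is not flagged.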


But UIDAI (Unique Identification Authority), which administers the Aadhaar database, says that the database does not store any information about bank accounts. Though the potential for a data leak is yet to be confirmed by the authority, access to Aadhaar details will increase the risk of impersonation and identity theft.
