French cybersecurity researcher Robert Baptiste, who goes by the online handle Elliot Alderson, claims he has uncovered a security lapse in India's Aadhaar system which exposed sensitive information of millions of Indian Oil customers. The state-owned corporation markets its cooking gas under its Indane brand.
READ MORE: Very Big Brother-esque: Facebook Tracks Users "Dangerous" for the Company
Exclusive: A new security lapse has exposed over 5.8 million Aadhaar numbers. https://t.co/DgLAcCx6Nx
— TechCrunch (@TechCrunch) February 19, 2019
It’s time to publish the details of the biggest #DataLeak I had to deal with. @IndianOilcl leaked #Aadhaar numbers: 6,700,000 Aadhaar numbers https://t.co/QJaDZlOBcR
— Elliot Alderson (@fs0c131y) February 19, 2019
"I wrote the python script. By running this script, it gives us 11062 valid dealer ids. After more than 1 day, my script tested 9,490 dealers and found that a total of 5,826,116 Indane customers are affected by this leak," he wrote.
He said that he could have gotten more customer records but his IP was blocked by Indane.
READ MORE: 'Digital Gangsters': Facebook Blasted for Shadowy Conduct in New UK Gov't Report
"Unfortunately, Indane probably blocked my IP, so I didn't test the remaining 1,572 dealers. By doing some basic math we can estimate the final number of affected customers around 6,791,200," Alderson added.
Officials from UIDAI and Indane were not available for comment.