11:31 GMT27 February 2021
Listen Live
    Asia & Pacific
    Get short URL
    0 0 0

    In India, Aadhaar numbers serve as digital identification for each individual akin to social security numbers in the US. It is managed by the Unique Identification Authority of India (UIDAI) and the Aadhaar database contains sensitive and private information, including biometric scans.

    French cybersecurity researcher Robert Baptiste, who goes by the online handle Elliot Alderson, claims he has uncovered a security lapse in India's Aadhaar system which exposed sensitive information of millions of Indian Oil customers. The state-owned corporation markets its cooking gas under its Indane brand.

    READ MORE: Very Big Brother-esque: Facebook Tracks Users "Dangerous" for the Company

    The link in Alderson's tweet directs to a webpage that claims that some 6.7 Million Aadhaar numbers are up for grabs under the revealed security breach. The lapse was uncovered by Alderson using custom-built script coded in python to scrape the database of Indane dealers.

    "I wrote the python script. By running this script, it gives us 11062 valid dealer ids. After more than 1 day, my script tested 9,490 dealers and found that a total of 5,826,116 Indane customers are affected by this leak," he wrote.

    He said that he could have gotten more customer records but his IP was blocked by Indane.

    READ MORE: 'Digital Gangsters': Facebook Blasted for Shadowy Conduct in New UK Gov't Report

    "Unfortunately, Indane probably blocked my IP, so I didn't test the remaining 1,572 dealers. By doing some basic math we can estimate the final number of affected customers around 6,791,200," Alderson added.

    Officials from UIDAI and Indane were not available for comment.


    Apple Threatens to Remove Apps Caught Recording Users’ Data Without Permission
    US Navy Seeks ‘Secure’ Vendor to Burn its Weapons Testing Data ‘To Ash’
    Germany Forbids Facebook to Combine User Data From Different Sources
    Hackers Steal Personal Data, Professional Contacts From Airbus' Servers
    Data, personal data, leak, leaked documents, India
    Community standardsDiscussion