Aadhaar, the Indian citizenship database, vulnerable to hackers

Threat Actor: Unknown | Unknown
Victim: Indian citizens | Indian citizens
Price: £6
Exfiltrated Data Type: Sensitive information such as fingerprints, iris records, name, phone number, email address, address, photos, and other data submitted to UIDAI.

Additional Information:

The Aadhaar Citizen Database in India has been sold online for £6.
The database contains sensitive information such as fingerprints, iris records, name, phone number, email address, address, photos, and other data submitted to UIDAI.
The Tribune in India reported that access to the database was gained through anonymous WhatsApp groups and a payment of Rs500.
The newspaper did not indicate whether sensitive citizen information was accessed, but they were able to obtain the citizen’s name, address, photos, and other data submitted to UIDAI.
An additional payment of 300 rupees would provide the software to print a fake Aadhaar ID card.
UIDAI officials have been informed about the breach.
Sanjay Jindal, Deputy Director General of the UIDAI Regional Center, stated that no third person other than the Director General and him had access to their official portals and that any unauthorized log-in was illegal.
The exposure of such information has caused panic among Indian citizens.
UIDAI denied the reports and claimed that Aadhaar data, including biometric information, is completely safe.
Aadhaar data can be shared when citizens want to use a service or need to serve the government.

According to theGuardian media reported that India’s citizen information database Aadhaar sold online for £6. The Aadhaar Citizen Database has extremely sensitive information such as fingerprints, iris records, in addition to its name, phone number, email address and more. The Tribune in India reported that they were able to gain access to an account accessing the database through anonymous WhatsApp groups and then spending Rs500. Although the newspaper media did not indicate whether it was able to access sensitive citizen information, they said it was able to obtain the citizen’s name, address, photos and other data submitted to UIDAI. If you pay an extra 300 rupees, you will also get the software to print a fake Aadhaar ID card.

Image: tribuneindia

The media has informed UIDAI officials. In response, Sanjay Jindal, Deputy Director General of the UIDAI Regional Center, said that no third person other than the Director General and him had access to their official portals and that anyone’s log-in was illegal.

Perhaps it may not be dangerous for media like the Tribune to get access to the Aadhaar database, but exposure to such information has sparked panic among Indian citizens.

The perils of making Aadhaar mandatory and linking it to bank accounts, as insisted upon by Modi govt, are visible here. Do we need more proof to stop this madness? https://t.co/9OEbitCmDO

— Sitaram Yechury (@SitaramYechury) January 4, 2018

‘AADHAR’ data breached yet again!

As every citizen’s personal information is exposed to hackers everyday & ‘Right to Privacy’ is mocked and flouted with impunity, Modi Govt remains immune.

Is anyone listening?https://t.co/UDSfOlSWv9

— Randeep Singh Surjewala (@rssurjewala) January 4, 2018

However, after this series of reports, UIDAI denied these reports – “Aadhaar data – including biometric information completely safe.” In addition, the agency added that Aadhaar is not a secret when citizens want to use a These data can be shared when service or need to serve the government.

Reference: theguardian

Original Source: https://securityonline.info/indian-citizenship-database-aadhaar-open-to-hacker/

Tags: EMAIL, BANK, BREACH, GOVERNMENT