Your Aadhaar is now just a Google search away, says French ethical hacker

Aadhaar data provided to approved third party affiliates can be found with a simple Google search using the Aadhaar catchphrase ‘Mera Aadhaar Meri Pehchan’.

Published: 17th March 2018 03:41 AM  |   Last Updated: 17th March 2018 02:09 PM   |  A+A-

Aadhaar Card (File | PTI)

Express News Service

HYDERABAD: Aadhaar data provided to Unique Identification Authority of India (UIDAI) approved third party affiliates can be found with a simple Google search using the Aadhaar catchphrase ‘Mera Aadhaar Meri Pehchan’. This was a well-known secret among Aadhaar and cybersecurity researchers but went viral after French security researcher Robert Baptiste tweeted out the keywords needed to find the Aadhaar documents. 

“Hi @UIDAI and @ceo_uidai, it’s time for you to force your partners to handle #Aadhaar cards in a secure way. If you make a google search query with one of this line you will find thousands of #Aadhaar card. @UIDAI: It’s time to admit that this is not OK and to work on a fix.” said Baptiste in his tweet.  The Aadhaar, pan card, passport and driver licence details of Amarjit Awsan Chaursiya, of Maharashtra were leaked online and made available with a simple google search by the consumerhelpline.gov.in.

ALSO READ | Passport details of AIFF staff, players leaked

The details of Chaursiya, owner of Krishna Agribusiness development private limited, and six others who are his fellow board of directors were also publicly available. When contacted by Express for the first time and alerted about the entire episode, Chaursiya asked: “So what’s the big deal?” It was only after the pitfalls of “data theft” were explained to him that he said, “I understand this is serious. I will contact consumer help line tomorrow. I thought everyone’s information was available but if it’s just our company, that’s not right.” 

Express did a Google advanced search following the instructions tweeted by Baptiste and stumbled upon Aadhaar details of individuals by the Indian National Centre for Ocean Information Services, All India Football Federation, Starcards India private, an IT services provider from Hyderabad among several pages of pdf files. All the Aadhaar data was found with websites having “.gov.in” domains.Baptiste, believes that UIDIA can fix the leaks and even get rid of the bulk of Aadhaar data leaked online. 

UPSC SITE TOO? 

Union Public Service Commission website ‘upsc.gov.in’ has been hijacked for cryptocurrency mining by a cryptocurrency firm Coinhive. “#Coinhive found on the website of Union Public Service Commission (India) - http://www.upsc.gov.in/. This is an interesting case of #cryptojacking as it’s injecting the short URL form of Coinhive (cnhv[.]co) via the code shown in the screenshot,” tweeted Troy Mursch of Bad Packets, a researcher on #cryptojacking, botnets, network abuse, and other security topics.

Stay up to date on all the latest Hyderabad news with The New Indian Express App. Download now
(Get the news that matters from New Indian Express on WhatsApp. Click this link and hit 'Click to Subscribe'. Follow the instructions after that.)

Comments

Disclaimer : We respect your thoughts and views! But we need to be judicious while moderating your comments. All the comments will be moderated by the newindianexpress.com editorial. Abstain from posting comments that are obscene, defamatory or inflammatory, and do not indulge in personal attacks. Try to avoid outside hyperlinks inside the comment. Help us delete comments that do not follow these guidelines.

The views expressed in comments published on newindianexpress.com are those of the comment writers alone. They do not represent the views or opinions of newindianexpress.com or its staff, nor do they represent the views or opinions of The New Indian Express Group, or any entity of, or affiliated with, The New Indian Express Group. newindianexpress.com reserves the right to take any or all comments down at any time.

flipboard facebook twitter whatsapp