TRAI chief's personal details leaked after he shares Aadhaar number in challenge to hackers

Hours later, his personal details, such as his PAN number and alternative phone number, were put out in the public domain by hackers, triggering a debate on Aadhaar data security.

Published: 28th July 2018 11:57 PM  |   Last Updated: 30th July 2018 06:29 PM


TRAI chief RS Sharma. (Photo | file)

By Agencies

NEW DELHI: Telecom Regulatory Authority of India (TRAI) chairman RS Sharma was left in an awkward situation on Saturday after he shared his 12-digit Aadhaar number on Twitter and issued a challenge to show how mere knowledge of the number could be misused. Hours later, his personal details, such as his PAN number and alternative phone number, were put out in the public domain by hackers, triggering a debate on Aadhaar data security.

Sharma had tweeted: "Now I give this challenge to you: Show me one concrete example where you can do any harm to me!" The challenge by Sharma had got 577 retweets and 745 likes by late evening.

A screenshot of TRAI chief RS Sharma's challenge (Twitter @rssharma3)

The tweet was sent as a reply to one @kingslyj’s post at around 1.45 pm. By 6 pm, however, a French security expert and Aadhaar critic, who goes by the nickname Elliot Alderson, had revealed in a series of tweets the mobile number linked to the Aadhaar number. Soon, Sharma’s PAN number, alternative phone number, email ID, the phone he was using, his WhatsApp profile pic and some other sensitive data were out in the open.

"People managed to get your personal address, DoB and your alternate phone number. I stop here, I hope you will understand why make (sic) your Aadhaar number public is not a good idea," Alderson wrote.

A screenshot of ethical hacker Elliot Alderson's tweet (Twitter @fs0c131y)

Alderson replied to Sharma: "The phone number linked to this #Aadhaar number is 9*********.

"According to an official @nicmeity circular, this phone number is the number of your secretary," Alderson wrote and posted a link to the Ministry of Electronics and Information Technology circular.

A screenshot of ethical hacker Elliot Alderson's tweet (Twitter @fs0c131y)

The security researcher also posted a picture of Sharma with a portion of it blackened. "I supposed this is your wife or daughter next to you."

A screenshot of ethical hacker Elliot Alderson's tweet (Twitter @fs0c131y)

Alderson, who is known to have revealed security loopholes in the Aadhaar data system, also posted screenshots of Sharma's leaked details with key areas blackened and hidden.

Another hacker, meanwhile, discovered that Sharma was using an iPhone with the said number.

A screenshot of ethical hacker Elliot Alderson's tweet (Twitter @fs0c131y)

One of the screenshots even carried his PAN details. But that was also hidden.

A screenshot of ethical hacker Elliot Alderson's tweet (Twitter @fs0c131y)

A few others claimed Sharma's email security question was his frequent flyer number.

(Twitter | @DeanOfJio)

They also discovered that Sharma had not linked his Aadhaar number to a bank account. “I probably need to say it again: I’m not against #Aadhaar. I’m only against people who think that #Aadhaar is unhackable,” Elliot added.

A screenshot of the ongoing conversation between RS Sharma and Elliot Alderson

To another user's comment seeking legal indemnity in case the Aadhaar number was indeed misused, Sharma wrote, "Show me friend! I promise that I will take no action against you".

When contacted by PTI, Sharma declined to make a detailed comment on the matter, saying "let the challenge run for some time".

A screenshot of the ongoing conversation between RS Sharma and Elliot Alderson

Around 2 am, Sharma tweeted that he was still 'waiting'.

However, some Twitter users also disputed the claims of Aadhaar data breach, stating that most of the data disclosed was in public domain as Sharma is a high ranking official.

RS Sharma, a champion of the Aadhaar

Sharma, a known defender of Aadhaar, has been maintaining that the unique ID does not violate privacy and the government reserved a right to create such a database of residents since it gives subsidies on state-run welfare schemes.

(translation: Why you so scared? What's the use of a disclaimer? These details are not any state secret. My DOB is on the Indian govt's portal for 40 years. The address is of my old house. If you want the new one's, I will give you. Want it (address of new house)?)

A Twitter user had earlier asked Sharma to "walk your talk" after the TRAI chief tweeted his interview with an online portal in which he strongly defended Aadhaar and rejected apprehensions that one billion Aadhaar accounts were vulnerable.

He said there had not been a single instance of data being breached and had there been one, the entire Aadhaar database would have been vulnerable.

The Aadhaar privacy debate

Amid a debate on privacy concerns, which has also reached the Supreme Court, activists and people in general fear that the 12-digit biometric number is harmful to citizens' privacy.

The high drama played out on the micro-blogging platform just a day after the Justice Srikrishna committee came out with its report on data protection, in which it mooted changes to the Aadhaar Act and proposed new safeguards to protect the information of Aadhaar holders.

The Justice Srikrishna panel on data protection has recommended that the Aadhaar Act be amended "significantly" to bolster privacy safeguards, and mooted that only public authorities discharging public functions approved by the UIDAI, or entities mandated by law, be given the right to request identity authentication.

The report, submitted yesterday, assumes significance given that public and private sectors are collecting and using personal data on an unprecedented scale and for various purposes, and instances of unregulated and arbitrary use, especially that of personal data, have raised concerns about privacy and autonomy of an individual.

Over the last one year, there have also been reports of personal information being allegedly compromised with increasing use of biometric identifier Aadhaar in an array of services, and the Supreme Court has reserved its judgement on a clutch of petitions challenging the constitutional validity of Aadhaar Act.

(With inputs from PTI, IANS and online desk)


Comments(8)


  • Adrian

    It does not matter when people release details such as PAN Card, Phone number, WhatsApp profile pic, gmail password etc. What matters is how Aadhar is going to evolve in the future. Let us assume that third-parties link everything to Aadhar and create a personal profile and if that TRAI chairman has a horrible love life and has used his credit card to purchase pornography online, since his bank account is linked to Aadhar, it is obviously profiled. In such case, will it not cause the person any harm? Aadhar is linked to mobile and internet, let us assume every website you ever visited and linked to Aadhar and what happens when this information is leaked. What Mr. Chairman is trying to prove is that it is harmless now, which it is. Because profiling has not happened yet. You cannot guarantee that this will not happen in the future.
    3 months ago reply
  • bharat kapoor

    Sharma is right. In spite of getting info linked to Aadhar no damage can be caused unless password and OTP are compromised.
    3 months ago reply
  • Pratap Singh

    Aadhaar Act is unconstitutional in view of the right of privacy.
    3 months ago reply
  • Ravella sivaprasad

    Every time when an otp comes from aadhar it is not showing the reason for which otp was coming. It is just showing "your aadhar otp is.....". If you specify the reason, at least an educated person may be aware of the purpose of using that particular otp.
    3 months ago reply
  • Kala

    Totally stupid... Wat the hell is wrong with you ppl? U have been giving ur ration xerox license xerox everywer all these days... Why aadhar alone breaks ur privacy? Ur smartphones bank or credit card details can be hacked by 100 different ways... Blaming aadhar is pure politics...
    3 months ago reply
    • Really?

      Not everyone gives their personal details everywhere, that's why. Maybe you do, and many others do. But there is a section of people who don't. You're right. There are a 100 different possible ways to break into accounts. It still doesn't bolster the case for a government sponsored way, does it though?
      3 months ago reply