After exposing vulnerabilities in India Post, BSNL websites, French hacker points fingers at Aadhaar data leakage in Andhra government site

A French security researcher who goes by the pseudonym Elliot Alderson on Wednesday exposed how biometric details of Below Poverty Line (BPL) families were openly available.

Published: 15th March 2018 06:20 AM | Last Updated: 15th March 2018 06:24 AM


Express News Service

VIJAYAWADA: A French security researcher who goes by the pseudonym Elliot Alderson on Wednesday exposed how biometric details of Below Poverty Line (BPL) families were openly available on the Andhra Pradesh Panchayat Raj Department’s website. Alderson, who has been taking a keen interest in flagging Indian websites’ vulnerabilities, posted a URL of the state government’s site to show how Aadhaar card scans of people were being handled carelessly.

The screenshots clearly display fingerprints of people enrolled under the Below Poverty Line category.
Seven hours after the vigilante hacker called out the flaw on Twitter, officials replaced the URL http://pris.ap.gov.in/bpl/uploads/ with a blank page, but Alderson claimed the details were still easily available.

“You don’t even know how to fix this issue, the documents are still accessible...,” he tweeted.
When contacted, Alderson told TNIE all it took to gain access to people’s Aadhaar details was “a proper google search with the right queries”.

Hitting out at the Unique Identification Authority of India, which had dismissed his allegation by saying it was not carelessness on the part of the government but “unscrupulous” elements that were putting confidential details of citizens online, Elliot Alderson posted a screenshot of the state department’s website.

“Hi @UIDAI and @ceo_uidai, let me show you one of the “unscrupulous elements”. This governmental website is leaking 4769 files,” he said on the social networking site.

He, however, added that the data was not coming from the Aadhaar database, “but you have to admit that there is an issue here. If even a governmental website is not able to handle personal data of citizens correctly...”.

The vigilante hacker stated that he was not for or against Aadhaar, but thought a project of such magnitude deserved maximum security.

Neither the Principal Secretary nor the Commissioner of the Panchayat Raj Department was available for comment. The website, pris.ap.gov.in, was designed and is being maintained by private company Entro labs IT solutions. The firm has also developed an Android app for the website which has clocked over 10,000 downloads.

IT & Communications Department Principal Secretary K Vijayanand said the website would be linked to the State government’s server. This is not the first time that the hacker has pointed out problems in the Indian government’s websites. Over the past few months, many vulnerabilities in websites, including those of India Post, BSNL and EFLU, were exposed by the security researcher and hence fixed.
