HYDERABAD: Aadhaar data provided to Unique Identification Authority of India (UIDAI) approved third party affiliates can be found with a simple Google search using the Aadhaar catchphrase ‘Mera Aadhaar Meri Pehchan’. This was a well-known secret among Aadhaar and cybersecurity researchers but went viral after French security researcher Robert Baptiste tweeted out the keywords needed to find the Aadhaar documents.
“Hi @UIDAI and @ceo_uidai, it’s time for you to force your partners to handle #Aadhaar cards in a secure way. If you make a google search query with one of this line you will find thousands of #Aadhaar card. @UIDAI: It’s time to admit that this is not OK and to work on a fix.” said Baptiste in his tweet. The Aadhaar, pan card, passport and driver licence details of Amarjit Awsan Chaursiya, of Maharashtra were leaked online and made available with a simple google search by the consumerhelpline.gov.in.
The details of Chaursiya, owner of Krishna Agribusiness development private limited, and six others who are his fellow board of directors were also publicly available. When contacted by Express for the first time and alerted about the entire episode, Chaursiya asked: “So what’s the big deal?” It was only after the pitfalls of “data theft” were explained to him that he said, “I understand this is serious. I will contact consumer help line tomorrow. I thought everyone’s information was available but if it’s just our company, that’s not right.”
Express did a Google advanced search following the instructions tweeted by Baptiste and stumbled upon Aadhaar details of individuals by the Indian National Centre for Ocean Information Services, All India Football Federation, Starcards India private, an IT services provider from Hyderabad among several pages of pdf files. All the Aadhaar data was found with websites having “.gov.in” domains.Baptiste, believes that UIDIA can fix the leaks and even get rid of the bulk of Aadhaar data leaked online.
UPSC SITE TOO?
Union Public Service Commission website ‘upsc.gov.in’ has been hijacked for cryptocurrency mining by a cryptocurrency firm Coinhive. “#Coinhive found on the website of Union Public Service Commission (India) - http://www.upsc.gov.in/. This is an interesting case of #cryptojacking as it’s injecting the short URL form of Coinhive (cnhv[.]co) via the code shown in the screenshot,” tweeted Troy Mursch of Bad Packets, a researcher on #cryptojacking, botnets, network abuse, and other security topics.