VIJAYAWADA: Flagging chinks in the State Board of Intermediate Education’s (BIE) website, French cybersecurity researcher Robert Baptiste, who goes by pseudonym Elliot Alderson, alerted the State government that the website had poor security mechanism.
Though the webpage in question was pulled down on Thursday evening, hours after the researcher notified the glitch, the Information Technology department has decided to go for security audit of all the government websites.
“Hi @AndhraPradeshCM, one of your websites leaks the personal data of students including the #Aadhaarnumbers, photos, father and mother names. Can you contact me immediately in private to fix the situation? (sic)” he tweeted, also tagging the Indian Computer Emergency Response Team (Ministry of Electronics and IT) and National Nodal Agency for Protection of Critical Information Infrastructure (NCIIPC India).
Additional Chief Secretary (to CM) PV Ramesh acknowledged the alert.
The website in question, bie.ap.gov.in, pertains to the Board of Intermediate Education.
A top-ranking IT official said that the maintenance of the website was under BIE’s purview.
Every department hires a vendor to have its websites designed and maintained, the official noted.
BIE officials were unavailable for comment.
Another official from the IT department maintained that the issue does not qualify as a leak or a breach as information was only accessible through brute force, a trial and error method.
However, cybersecurity researchers noted that the website exposes the poor security mechanism and stressed the need for a second step of authentication such as a one-time-password.
By evening, Elliot Alderson, who in the past had also exposed several loopholes in Indian government websites, tweeted, “Problem “solved”, they took down the page. (sic)” The IT Department said, “We immediately alerted the BIE and asked them to take necessary steps. We recently requested all departments for security audits. We will once again do that and extend our support.”